Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-40339 (GCVE-0-2025-40339)
Vulnerability from cvelistv5 – Published: 2025-12-09 04:09 – Updated: 2025-12-20 08:52
VLAI?
EPSS
Title
drm/amdgpu: fix nullptr err of vm_handle_moved
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix nullptr err of vm_handle_moved
If a amdgpu_bo_va is fpriv->prt_va, the bo of this one is always NULL.
So, such kind of amdgpu_bo_va should be updated separately before
amdgpu_vm_handle_moved.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 47281febebe337586569aa4c5694a7511063a42e
(git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 273d1ea12e42e9babb9783837906f3c466f213d3 (git) Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 859958a7faefe5b7742b7b8cdbc170713d4bf158 (git) |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "47281febebe337586569aa4c5694a7511063a42e",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "273d1ea12e42e9babb9783837906f3c466f213d3",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "859958a7faefe5b7742b7b8cdbc170713d4bf158",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.58",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.8",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix nullptr err of vm_handle_moved\n\nIf a amdgpu_bo_va is fpriv-\u003eprt_va, the bo of this one is always NULL.\nSo, such kind of amdgpu_bo_va should be updated separately before\namdgpu_vm_handle_moved."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-20T08:52:10.207Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/47281febebe337586569aa4c5694a7511063a42e"
},
{
"url": "https://git.kernel.org/stable/c/273d1ea12e42e9babb9783837906f3c466f213d3"
},
{
"url": "https://git.kernel.org/stable/c/859958a7faefe5b7742b7b8cdbc170713d4bf158"
}
],
"title": "drm/amdgpu: fix nullptr err of vm_handle_moved",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-40339",
"datePublished": "2025-12-09T04:09:55.697Z",
"dateReserved": "2025-04-16T07:20:57.187Z",
"dateUpdated": "2025-12-20T08:52:10.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-40339\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-09T16:17:44.157\",\"lastModified\":\"2025-12-09T18:36:53.557\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndrm/amdgpu: fix nullptr err of vm_handle_moved\\n\\nIf a amdgpu_bo_va is fpriv-\u003eprt_va, the bo of this one is always NULL.\\nSo, such kind of amdgpu_bo_va should be updated separately before\\namdgpu_vm_handle_moved.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/273d1ea12e42e9babb9783837906f3c466f213d3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/47281febebe337586569aa4c5694a7511063a42e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/859958a7faefe5b7742b7b8cdbc170713d4bf158\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
GHSA-JQ6R-3QG9-JGCW
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-09 18:30
VLAI?
Details
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix nullptr err of vm_handle_moved
If a amdgpu_bo_va is fpriv->prt_va, the bo of this one is always NULL. So, such kind of amdgpu_bo_va should be updated separately before amdgpu_vm_handle_moved.
{
"affected": [],
"aliases": [
"CVE-2025-40339"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T16:17:44Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix nullptr err of vm_handle_moved\n\nIf a amdgpu_bo_va is fpriv-\u003eprt_va, the bo of this one is always NULL.\nSo, such kind of amdgpu_bo_va should be updated separately before\namdgpu_vm_handle_moved.",
"id": "GHSA-jq6r-3qg9-jgcw",
"modified": "2025-12-09T18:30:36Z",
"published": "2025-12-09T18:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40339"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/273d1ea12e42e9babb9783837906f3c466f213d3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/47281febebe337586569aa4c5694a7511063a42e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/859958a7faefe5b7742b7b8cdbc170713d4bf158"
}
],
"schema_version": "1.4.0",
"severity": []
}
WID-SEC-W-2025-2765
Vulnerability from csaf_certbund - Published: 2025-12-08 23:00 - Updated: 2026-01-05 23:00Summary
Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2765 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2765.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2765 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2765"
},
{
"category": "external",
"summary": "Kernel CVE Announce Mailingliste",
"url": "https://lore.kernel.org/linux-cve-announce/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50631",
"url": "https://lore.kernel.org/linux-cve-announce/2025120931-CVE-2022-50631-ee18@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50632",
"url": "https://lore.kernel.org/linux-cve-announce/2025120934-CVE-2022-50632-97fb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50633",
"url": "https://lore.kernel.org/linux-cve-announce/2025120934-CVE-2022-50633-8c49@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50634",
"url": "https://lore.kernel.org/linux-cve-announce/2025120934-CVE-2022-50634-2887@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50635",
"url": "https://lore.kernel.org/linux-cve-announce/2025120935-CVE-2022-50635-b2b8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50636",
"url": "https://lore.kernel.org/linux-cve-announce/2025120935-CVE-2022-50636-6d4d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50637",
"url": "https://lore.kernel.org/linux-cve-announce/2025120935-CVE-2022-50637-f1b4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50638",
"url": "https://lore.kernel.org/linux-cve-announce/2025120935-CVE-2022-50638-fb89@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50639",
"url": "https://lore.kernel.org/linux-cve-announce/2025120935-CVE-2022-50639-789f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50640",
"url": "https://lore.kernel.org/linux-cve-announce/2025120935-CVE-2022-50640-324c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50641",
"url": "https://lore.kernel.org/linux-cve-announce/2025120936-CVE-2022-50641-edfb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50642",
"url": "https://lore.kernel.org/linux-cve-announce/2025120936-CVE-2022-50642-6975@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50643",
"url": "https://lore.kernel.org/linux-cve-announce/2025120936-CVE-2022-50643-74ca@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50644",
"url": "https://lore.kernel.org/linux-cve-announce/2025120936-CVE-2022-50644-5149@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50645",
"url": "https://lore.kernel.org/linux-cve-announce/2025120936-CVE-2022-50645-2014@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50646",
"url": "https://lore.kernel.org/linux-cve-announce/2025120936-CVE-2022-50646-37e0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50647",
"url": "https://lore.kernel.org/linux-cve-announce/2025120937-CVE-2022-50647-cb33@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50648",
"url": "https://lore.kernel.org/linux-cve-announce/2025120937-CVE-2022-50648-ac1e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50649",
"url": "https://lore.kernel.org/linux-cve-announce/2025120937-CVE-2022-50649-6a84@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50650",
"url": "https://lore.kernel.org/linux-cve-announce/2025120937-CVE-2022-50650-fbae@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50651",
"url": "https://lore.kernel.org/linux-cve-announce/2025120937-CVE-2022-50651-d950@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50652",
"url": "https://lore.kernel.org/linux-cve-announce/2025120937-CVE-2022-50652-b7be@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50653",
"url": "https://lore.kernel.org/linux-cve-announce/2025120938-CVE-2022-50653-6da2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50654",
"url": "https://lore.kernel.org/linux-cve-announce/2025120938-CVE-2022-50654-a5d9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50655",
"url": "https://lore.kernel.org/linux-cve-announce/2025120938-CVE-2022-50655-746b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50656",
"url": "https://lore.kernel.org/linux-cve-announce/2025120938-CVE-2022-50656-4655@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50657",
"url": "https://lore.kernel.org/linux-cve-announce/2025120941-CVE-2022-50657-6582@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50658",
"url": "https://lore.kernel.org/linux-cve-announce/2025120941-CVE-2022-50658-77b4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50659",
"url": "https://lore.kernel.org/linux-cve-announce/2025120942-CVE-2022-50659-8205@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50660",
"url": "https://lore.kernel.org/linux-cve-announce/2025120942-CVE-2022-50660-562d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50661",
"url": "https://lore.kernel.org/linux-cve-announce/2025120942-CVE-2022-50661-ff17@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50662",
"url": "https://lore.kernel.org/linux-cve-announce/2025120943-CVE-2022-50662-6595@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50663",
"url": "https://lore.kernel.org/linux-cve-announce/2025120943-CVE-2022-50663-5606@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50664",
"url": "https://lore.kernel.org/linux-cve-announce/2025120943-CVE-2022-50664-043a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50665",
"url": "https://lore.kernel.org/linux-cve-announce/2025120944-CVE-2022-50665-2ac9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50666",
"url": "https://lore.kernel.org/linux-cve-announce/2025120944-CVE-2022-50666-0d75@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50667",
"url": "https://lore.kernel.org/linux-cve-announce/2025120945-CVE-2022-50667-01f6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50668",
"url": "https://lore.kernel.org/linux-cve-announce/2025120945-CVE-2022-50668-153a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50669",
"url": "https://lore.kernel.org/linux-cve-announce/2025120945-CVE-2022-50669-f124@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50670",
"url": "https://lore.kernel.org/linux-cve-announce/2025120946-CVE-2022-50670-feb4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50671",
"url": "https://lore.kernel.org/linux-cve-announce/2025120946-CVE-2022-50671-e025@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50672",
"url": "https://lore.kernel.org/linux-cve-announce/2025120947-CVE-2022-50672-d9b1@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50673",
"url": "https://lore.kernel.org/linux-cve-announce/2025120947-CVE-2022-50673-f920@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50674",
"url": "https://lore.kernel.org/linux-cve-announce/2025120947-CVE-2022-50674-023e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50675",
"url": "https://lore.kernel.org/linux-cve-announce/2025120948-CVE-2022-50675-9032@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50676",
"url": "https://lore.kernel.org/linux-cve-announce/2025120948-CVE-2022-50676-1387@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50677",
"url": "https://lore.kernel.org/linux-cve-announce/2025120948-CVE-2022-50677-d2c8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50678",
"url": "https://lore.kernel.org/linux-cve-announce/2025120949-CVE-2022-50678-53a4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50679",
"url": "https://lore.kernel.org/linux-cve-announce/2025120949-CVE-2022-50679-b2b8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53777",
"url": "https://lore.kernel.org/linux-cve-announce/2025120938-CVE-2023-53777-f842@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53778",
"url": "https://lore.kernel.org/linux-cve-announce/2025120938-CVE-2023-53778-ee4d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53779",
"url": "https://lore.kernel.org/linux-cve-announce/2025120939-CVE-2023-53779-dd3d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53780",
"url": "https://lore.kernel.org/linux-cve-announce/2025120939-CVE-2023-53780-914d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53781",
"url": "https://lore.kernel.org/linux-cve-announce/2025120939-CVE-2023-53781-cb1d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53782",
"url": "https://lore.kernel.org/linux-cve-announce/2025120939-CVE-2023-53782-6428@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53783",
"url": "https://lore.kernel.org/linux-cve-announce/2025120939-CVE-2023-53783-4c33@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53784",
"url": "https://lore.kernel.org/linux-cve-announce/2025120939-CVE-2023-53784-a381@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53785",
"url": "https://lore.kernel.org/linux-cve-announce/2025120940-CVE-2023-53785-2a61@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53786",
"url": "https://lore.kernel.org/linux-cve-announce/2025120940-CVE-2023-53786-3c1a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53787",
"url": "https://lore.kernel.org/linux-cve-announce/2025120940-CVE-2023-53787-2074@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53788",
"url": "https://lore.kernel.org/linux-cve-announce/2025120940-CVE-2023-53788-e6a0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53789",
"url": "https://lore.kernel.org/linux-cve-announce/2025120940-CVE-2023-53789-c5cb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53790",
"url": "https://lore.kernel.org/linux-cve-announce/2025120940-CVE-2023-53790-6f22@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53791",
"url": "https://lore.kernel.org/linux-cve-announce/2025120941-CVE-2023-53791-a2ea@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53792",
"url": "https://lore.kernel.org/linux-cve-announce/2025120941-CVE-2023-53792-3de7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53793",
"url": "https://lore.kernel.org/linux-cve-announce/2025120941-CVE-2023-53793-0dc1@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53794",
"url": "https://lore.kernel.org/linux-cve-announce/2025120941-CVE-2023-53794-8912@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53795",
"url": "https://lore.kernel.org/linux-cve-announce/2025120941-CVE-2023-53795-f912@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53796",
"url": "https://lore.kernel.org/linux-cve-announce/2025120941-CVE-2023-53796-4092@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53797",
"url": "https://lore.kernel.org/linux-cve-announce/2025120942-CVE-2023-53797-4a88@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53798",
"url": "https://lore.kernel.org/linux-cve-announce/2025120942-CVE-2023-53798-7845@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53799",
"url": "https://lore.kernel.org/linux-cve-announce/2025120942-CVE-2023-53799-8397@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53800",
"url": "https://lore.kernel.org/linux-cve-announce/2025120942-CVE-2023-53800-eb42@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53801",
"url": "https://lore.kernel.org/linux-cve-announce/2025120942-CVE-2023-53801-6d74@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53802",
"url": "https://lore.kernel.org/linux-cve-announce/2025120943-CVE-2023-53802-4ffb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53803",
"url": "https://lore.kernel.org/linux-cve-announce/2025120943-CVE-2023-53803-0ff9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53804",
"url": "https://lore.kernel.org/linux-cve-announce/2025120943-CVE-2023-53804-3c10@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53805",
"url": "https://lore.kernel.org/linux-cve-announce/2025120943-CVE-2023-53805-f08b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53806",
"url": "https://lore.kernel.org/linux-cve-announce/2025120943-CVE-2023-53806-03cb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53807",
"url": "https://lore.kernel.org/linux-cve-announce/2025120943-CVE-2023-53807-63bb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53808",
"url": "https://lore.kernel.org/linux-cve-announce/2025120944-CVE-2023-53808-e169@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53809",
"url": "https://lore.kernel.org/linux-cve-announce/2025120944-CVE-2023-53809-ca78@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53810",
"url": "https://lore.kernel.org/linux-cve-announce/2025120944-CVE-2023-53810-e48e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53811",
"url": "https://lore.kernel.org/linux-cve-announce/2025120944-CVE-2023-53811-dc26@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53812",
"url": "https://lore.kernel.org/linux-cve-announce/2025120944-CVE-2023-53812-a186@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53813",
"url": "https://lore.kernel.org/linux-cve-announce/2025120944-CVE-2023-53813-cd16@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53814",
"url": "https://lore.kernel.org/linux-cve-announce/2025120945-CVE-2023-53814-eccb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53815",
"url": "https://lore.kernel.org/linux-cve-announce/2025120945-CVE-2023-53815-5695@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53816",
"url": "https://lore.kernel.org/linux-cve-announce/2025120945-CVE-2023-53816-e869@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53817",
"url": "https://lore.kernel.org/linux-cve-announce/2025120945-CVE-2023-53817-49a5@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53818",
"url": "https://lore.kernel.org/linux-cve-announce/2025120945-CVE-2023-53818-4c46@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53819",
"url": "https://lore.kernel.org/linux-cve-announce/2025120945-CVE-2023-53819-15be@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53820",
"url": "https://lore.kernel.org/linux-cve-announce/2025120933-CVE-2023-53820-fb6c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53821",
"url": "https://lore.kernel.org/linux-cve-announce/2025120950-CVE-2023-53821-9542@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53822",
"url": "https://lore.kernel.org/linux-cve-announce/2025120950-CVE-2023-53822-c4da@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53823",
"url": "https://lore.kernel.org/linux-cve-announce/2025120950-CVE-2023-53823-c6fe@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53824",
"url": "https://lore.kernel.org/linux-cve-announce/2025120951-CVE-2023-53824-229c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53825",
"url": "https://lore.kernel.org/linux-cve-announce/2025120951-CVE-2023-53825-1018@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53826",
"url": "https://lore.kernel.org/linux-cve-announce/2025120951-CVE-2023-53826-26a2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53827",
"url": "https://lore.kernel.org/linux-cve-announce/2025120952-CVE-2023-53827-b045@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53828",
"url": "https://lore.kernel.org/linux-cve-announce/2025120952-CVE-2023-53828-57cf@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53829",
"url": "https://lore.kernel.org/linux-cve-announce/2025120953-CVE-2023-53829-2fe9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53830",
"url": "https://lore.kernel.org/linux-cve-announce/2025120953-CVE-2023-53830-7785@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53831",
"url": "https://lore.kernel.org/linux-cve-announce/2025120953-CVE-2023-53831-4dc6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53832",
"url": "https://lore.kernel.org/linux-cve-announce/2025120954-CVE-2023-53832-6d46@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53833",
"url": "https://lore.kernel.org/linux-cve-announce/2025120954-CVE-2023-53833-09d9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53834",
"url": "https://lore.kernel.org/linux-cve-announce/2025120954-CVE-2023-53834-61cb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53835",
"url": "https://lore.kernel.org/linux-cve-announce/2025120955-CVE-2023-53835-0142@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53836",
"url": "https://lore.kernel.org/linux-cve-announce/2025120955-CVE-2023-53836-6cb5@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53837",
"url": "https://lore.kernel.org/linux-cve-announce/2025120956-CVE-2023-53837-2bf8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53838",
"url": "https://lore.kernel.org/linux-cve-announce/2025120956-CVE-2023-53838-4c32@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53839",
"url": "https://lore.kernel.org/linux-cve-announce/2025120956-CVE-2023-53839-5f7e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53840",
"url": "https://lore.kernel.org/linux-cve-announce/2025120957-CVE-2023-53840-797d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53841",
"url": "https://lore.kernel.org/linux-cve-announce/2025120957-CVE-2023-53841-cd5b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53842",
"url": "https://lore.kernel.org/linux-cve-announce/2025120957-CVE-2023-53842-d1e7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53843",
"url": "https://lore.kernel.org/linux-cve-announce/2025120958-CVE-2023-53843-195d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53844",
"url": "https://lore.kernel.org/linux-cve-announce/2025120958-CVE-2023-53844-92b4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53845",
"url": "https://lore.kernel.org/linux-cve-announce/2025120959-CVE-2023-53845-b919@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53846",
"url": "https://lore.kernel.org/linux-cve-announce/2025120959-CVE-2023-53846-70c9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53847",
"url": "https://lore.kernel.org/linux-cve-announce/2025120959-CVE-2023-53847-1f94@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53848",
"url": "https://lore.kernel.org/linux-cve-announce/2025120900-CVE-2023-53848-8cd8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53849",
"url": "https://lore.kernel.org/linux-cve-announce/2025120900-CVE-2023-53849-2108@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53850",
"url": "https://lore.kernel.org/linux-cve-announce/2025120900-CVE-2023-53850-5649@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53851",
"url": "https://lore.kernel.org/linux-cve-announce/2025120901-CVE-2023-53851-a201@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53852",
"url": "https://lore.kernel.org/linux-cve-announce/2025120901-CVE-2023-53852-69a1@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53853",
"url": "https://lore.kernel.org/linux-cve-announce/2025120902-CVE-2023-53853-424f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53854",
"url": "https://lore.kernel.org/linux-cve-announce/2025120902-CVE-2023-53854-be24@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53855",
"url": "https://lore.kernel.org/linux-cve-announce/2025120902-CVE-2023-53855-9798@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53856",
"url": "https://lore.kernel.org/linux-cve-announce/2025120903-CVE-2023-53856-ed42@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53857",
"url": "https://lore.kernel.org/linux-cve-announce/2025120903-CVE-2023-53857-5513@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53858",
"url": "https://lore.kernel.org/linux-cve-announce/2025120904-CVE-2023-53858-87d4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53859",
"url": "https://lore.kernel.org/linux-cve-announce/2025120904-CVE-2023-53859-1c16@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53860",
"url": "https://lore.kernel.org/linux-cve-announce/2025120904-CVE-2023-53860-3722@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53861",
"url": "https://lore.kernel.org/linux-cve-announce/2025120905-CVE-2023-53861-22c6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53862",
"url": "https://lore.kernel.org/linux-cve-announce/2025120905-CVE-2023-53862-81d5@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53863",
"url": "https://lore.kernel.org/linux-cve-announce/2025120905-CVE-2023-53863-8742@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53864",
"url": "https://lore.kernel.org/linux-cve-announce/2025120906-CVE-2023-53864-8bca@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53865",
"url": "https://lore.kernel.org/linux-cve-announce/2025120906-CVE-2023-53865-b26b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53866",
"url": "https://lore.kernel.org/linux-cve-announce/2025120907-CVE-2023-53866-59ec@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40327",
"url": "https://lore.kernel.org/linux-cve-announce/2025120908-CVE-2025-40327-e82c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40328",
"url": "https://lore.kernel.org/linux-cve-announce/2025120909-CVE-2025-40328-a95b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40329",
"url": "https://lore.kernel.org/linux-cve-announce/2025120910-CVE-2025-40329-1ead@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40330",
"url": "https://lore.kernel.org/linux-cve-announce/2025120910-CVE-2025-40330-d2a2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40331",
"url": "https://lore.kernel.org/linux-cve-announce/2025120910-CVE-2025-40331-ee3c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40332",
"url": "https://lore.kernel.org/linux-cve-announce/2025120910-CVE-2025-40332-7e62@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40333",
"url": "https://lore.kernel.org/linux-cve-announce/2025120910-CVE-2025-40333-4f6a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40334",
"url": "https://lore.kernel.org/linux-cve-announce/2025120910-CVE-2025-40334-82a0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40335",
"url": "https://lore.kernel.org/linux-cve-announce/2025120911-CVE-2025-40335-8c1e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40336",
"url": "https://lore.kernel.org/linux-cve-announce/2025120911-CVE-2025-40336-781e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40337",
"url": "https://lore.kernel.org/linux-cve-announce/2025120911-CVE-2025-40337-d3bd@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40338",
"url": "https://lore.kernel.org/linux-cve-announce/2025120911-CVE-2025-40338-c637@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40339",
"url": "https://lore.kernel.org/linux-cve-announce/2025120911-CVE-2025-40339-82ee@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40340",
"url": "https://lore.kernel.org/linux-cve-announce/2025120912-CVE-2025-40340-4d41@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40341",
"url": "https://lore.kernel.org/linux-cve-announce/2025120912-CVE-2025-40341-c778@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40342",
"url": "https://lore.kernel.org/linux-cve-announce/2025120912-CVE-2025-40342-a237@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40343",
"url": "https://lore.kernel.org/linux-cve-announce/2025120912-CVE-2025-40343-dbb0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40344",
"url": "https://lore.kernel.org/linux-cve-announce/2025120912-CVE-2025-40344-0c59@gregkh/"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4404 vom 2025-12-12",
"url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00015.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.4-2025-116 vom 2026-01-05",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.4-2025-116.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.15-2025-096 vom 2026-01-05",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.15-2025-096.html"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2026-01-05T23:00:00.000+00:00",
"generator": {
"date": "2026-01-06T08:20:17.037+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2765",
"initial_release_date": "2025-12-08T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-12-08T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-12-14T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-01-05T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Amazon aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T028462",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:unspecified"
}
}
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-50631",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50631"
},
{
"cve": "CVE-2022-50632",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50632"
},
{
"cve": "CVE-2022-50633",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50633"
},
{
"cve": "CVE-2022-50634",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50634"
},
{
"cve": "CVE-2022-50635",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50635"
},
{
"cve": "CVE-2022-50636",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50636"
},
{
"cve": "CVE-2022-50637",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50637"
},
{
"cve": "CVE-2022-50638",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50638"
},
{
"cve": "CVE-2022-50639",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50639"
},
{
"cve": "CVE-2022-50640",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50640"
},
{
"cve": "CVE-2022-50641",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50641"
},
{
"cve": "CVE-2022-50642",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50642"
},
{
"cve": "CVE-2022-50643",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50643"
},
{
"cve": "CVE-2022-50644",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50644"
},
{
"cve": "CVE-2022-50645",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50645"
},
{
"cve": "CVE-2022-50646",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50646"
},
{
"cve": "CVE-2022-50647",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50647"
},
{
"cve": "CVE-2022-50648",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50648"
},
{
"cve": "CVE-2022-50649",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50649"
},
{
"cve": "CVE-2022-50650",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50650"
},
{
"cve": "CVE-2022-50651",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50651"
},
{
"cve": "CVE-2022-50652",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50652"
},
{
"cve": "CVE-2022-50653",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50653"
},
{
"cve": "CVE-2022-50654",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50654"
},
{
"cve": "CVE-2022-50655",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50655"
},
{
"cve": "CVE-2022-50656",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50656"
},
{
"cve": "CVE-2022-50657",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50657"
},
{
"cve": "CVE-2022-50658",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50658"
},
{
"cve": "CVE-2022-50659",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50659"
},
{
"cve": "CVE-2022-50660",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50660"
},
{
"cve": "CVE-2022-50661",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50661"
},
{
"cve": "CVE-2022-50662",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50662"
},
{
"cve": "CVE-2022-50663",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50663"
},
{
"cve": "CVE-2022-50664",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50664"
},
{
"cve": "CVE-2022-50665",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50665"
},
{
"cve": "CVE-2022-50666",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50666"
},
{
"cve": "CVE-2022-50667",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50667"
},
{
"cve": "CVE-2022-50668",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50668"
},
{
"cve": "CVE-2022-50669",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50669"
},
{
"cve": "CVE-2022-50670",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50670"
},
{
"cve": "CVE-2022-50671",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50671"
},
{
"cve": "CVE-2022-50672",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50672"
},
{
"cve": "CVE-2022-50673",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50673"
},
{
"cve": "CVE-2022-50674",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50674"
},
{
"cve": "CVE-2022-50675",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50675"
},
{
"cve": "CVE-2022-50676",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50676"
},
{
"cve": "CVE-2022-50677",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50677"
},
{
"cve": "CVE-2022-50678",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50678"
},
{
"cve": "CVE-2022-50679",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2022-50679"
},
{
"cve": "CVE-2023-53777",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53777"
},
{
"cve": "CVE-2023-53778",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53778"
},
{
"cve": "CVE-2023-53779",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53779"
},
{
"cve": "CVE-2023-53780",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53780"
},
{
"cve": "CVE-2023-53781",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53781"
},
{
"cve": "CVE-2023-53782",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53782"
},
{
"cve": "CVE-2023-53783",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53783"
},
{
"cve": "CVE-2023-53784",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53784"
},
{
"cve": "CVE-2023-53785",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53785"
},
{
"cve": "CVE-2023-53786",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53786"
},
{
"cve": "CVE-2023-53787",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53787"
},
{
"cve": "CVE-2023-53788",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53788"
},
{
"cve": "CVE-2023-53789",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53789"
},
{
"cve": "CVE-2023-53790",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53790"
},
{
"cve": "CVE-2023-53791",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53791"
},
{
"cve": "CVE-2023-53792",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53792"
},
{
"cve": "CVE-2023-53793",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53793"
},
{
"cve": "CVE-2023-53794",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53794"
},
{
"cve": "CVE-2023-53795",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53795"
},
{
"cve": "CVE-2023-53796",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53796"
},
{
"cve": "CVE-2023-53797",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53797"
},
{
"cve": "CVE-2023-53798",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53798"
},
{
"cve": "CVE-2023-53799",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53799"
},
{
"cve": "CVE-2023-53800",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53800"
},
{
"cve": "CVE-2023-53801",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53801"
},
{
"cve": "CVE-2023-53802",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53802"
},
{
"cve": "CVE-2023-53803",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53803"
},
{
"cve": "CVE-2023-53804",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53804"
},
{
"cve": "CVE-2023-53805",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53805"
},
{
"cve": "CVE-2023-53806",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53806"
},
{
"cve": "CVE-2023-53807",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53807"
},
{
"cve": "CVE-2023-53808",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53808"
},
{
"cve": "CVE-2023-53809",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53809"
},
{
"cve": "CVE-2023-53810",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53810"
},
{
"cve": "CVE-2023-53811",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53811"
},
{
"cve": "CVE-2023-53812",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53812"
},
{
"cve": "CVE-2023-53813",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53813"
},
{
"cve": "CVE-2023-53814",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53814"
},
{
"cve": "CVE-2023-53815",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53815"
},
{
"cve": "CVE-2023-53816",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53816"
},
{
"cve": "CVE-2023-53817",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53817"
},
{
"cve": "CVE-2023-53818",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53818"
},
{
"cve": "CVE-2023-53819",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53819"
},
{
"cve": "CVE-2023-53820",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53820"
},
{
"cve": "CVE-2023-53821",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53821"
},
{
"cve": "CVE-2023-53822",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53822"
},
{
"cve": "CVE-2023-53823",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53823"
},
{
"cve": "CVE-2023-53824",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53824"
},
{
"cve": "CVE-2023-53825",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53825"
},
{
"cve": "CVE-2023-53826",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53826"
},
{
"cve": "CVE-2023-53827",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53827"
},
{
"cve": "CVE-2023-53828",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53828"
},
{
"cve": "CVE-2023-53829",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53829"
},
{
"cve": "CVE-2023-53830",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53830"
},
{
"cve": "CVE-2023-53831",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53831"
},
{
"cve": "CVE-2023-53832",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53832"
},
{
"cve": "CVE-2023-53833",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53833"
},
{
"cve": "CVE-2023-53834",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53834"
},
{
"cve": "CVE-2023-53835",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53835"
},
{
"cve": "CVE-2023-53836",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53836"
},
{
"cve": "CVE-2023-53837",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53837"
},
{
"cve": "CVE-2023-53838",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53838"
},
{
"cve": "CVE-2023-53839",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53839"
},
{
"cve": "CVE-2023-53840",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53840"
},
{
"cve": "CVE-2023-53841",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53841"
},
{
"cve": "CVE-2023-53842",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53842"
},
{
"cve": "CVE-2023-53843",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53843"
},
{
"cve": "CVE-2023-53844",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53844"
},
{
"cve": "CVE-2023-53845",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53845"
},
{
"cve": "CVE-2023-53846",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53846"
},
{
"cve": "CVE-2023-53847",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53847"
},
{
"cve": "CVE-2023-53848",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53848"
},
{
"cve": "CVE-2023-53849",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53849"
},
{
"cve": "CVE-2023-53850",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53850"
},
{
"cve": "CVE-2023-53851",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53851"
},
{
"cve": "CVE-2023-53852",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53852"
},
{
"cve": "CVE-2023-53853",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53853"
},
{
"cve": "CVE-2023-53854",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53854"
},
{
"cve": "CVE-2023-53855",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53855"
},
{
"cve": "CVE-2023-53856",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53856"
},
{
"cve": "CVE-2023-53857",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53857"
},
{
"cve": "CVE-2023-53858",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53858"
},
{
"cve": "CVE-2023-53859",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53859"
},
{
"cve": "CVE-2023-53860",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53860"
},
{
"cve": "CVE-2023-53861",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53861"
},
{
"cve": "CVE-2023-53862",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53862"
},
{
"cve": "CVE-2023-53863",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53863"
},
{
"cve": "CVE-2023-53864",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53864"
},
{
"cve": "CVE-2023-53865",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53865"
},
{
"cve": "CVE-2023-53866",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2023-53866"
},
{
"cve": "CVE-2025-40327",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2025-40327"
},
{
"cve": "CVE-2025-40328",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2025-40328"
},
{
"cve": "CVE-2025-40329",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2025-40329"
},
{
"cve": "CVE-2025-40330",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2025-40330"
},
{
"cve": "CVE-2025-40331",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2025-40331"
},
{
"cve": "CVE-2025-40332",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2025-40332"
},
{
"cve": "CVE-2025-40333",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2025-40333"
},
{
"cve": "CVE-2025-40334",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2025-40334"
},
{
"cve": "CVE-2025-40335",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2025-40335"
},
{
"cve": "CVE-2025-40336",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2025-40336"
},
{
"cve": "CVE-2025-40337",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2025-40337"
},
{
"cve": "CVE-2025-40338",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2025-40338"
},
{
"cve": "CVE-2025-40339",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2025-40339"
},
{
"cve": "CVE-2025-40340",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2025-40340"
},
{
"cve": "CVE-2025-40341",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2025-40341"
},
{
"cve": "CVE-2025-40342",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2025-40342"
},
{
"cve": "CVE-2025-40343",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2025-40343"
},
{
"cve": "CVE-2025-40344",
"product_status": {
"known_affected": [
"T028462",
"2951",
"398363"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2025-40344"
}
]
}
FKIE_CVE-2025-40339
Vulnerability from fkie_nvd - Published: 2025-12-09 16:17 - Updated: 2025-12-09 18:36
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix nullptr err of vm_handle_moved
If a amdgpu_bo_va is fpriv->prt_va, the bo of this one is always NULL.
So, such kind of amdgpu_bo_va should be updated separately before
amdgpu_vm_handle_moved.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix nullptr err of vm_handle_moved\n\nIf a amdgpu_bo_va is fpriv-\u003eprt_va, the bo of this one is always NULL.\nSo, such kind of amdgpu_bo_va should be updated separately before\namdgpu_vm_handle_moved."
}
],
"id": "CVE-2025-40339",
"lastModified": "2025-12-09T18:36:53.557",
"metrics": {},
"published": "2025-12-09T16:17:44.157",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/273d1ea12e42e9babb9783837906f3c466f213d3"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/47281febebe337586569aa4c5694a7511063a42e"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/859958a7faefe5b7742b7b8cdbc170713d4bf158"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
SUSE-SU-2026:0278-1
Vulnerability from csaf_suse - Published: 2026-01-23 15:08 - Updated: 2026-01-23 15:08Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328).
- CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256).
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
- CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342).
- CVE-2025-40024: vhost: Take a reference on the task in struct vhost_task (bsc#1252686).
- CVE-2025-40033: remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (bsc#1252824).
- CVE-2025-40042: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (bsc#1252861).
- CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808).
- CVE-2025-40081: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (bsc#1252776).
- CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919).
- CVE-2025-40134: dm: fix NULL pointer dereference in __dm_suspend() (bsc#1253386).
- CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342).
- CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408).
- CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402).
- CVE-2025-40160: xen/events: Cleanup find_virq() return codes (bsc#1253400).
- CVE-2025-40167: ext4: detect invalid INLINE_DATA + EXTENTS flag combination (bsc#1253458).
- CVE-2025-40170: net: use dst_dev_rcu() in sk_setup_caps() (bsc#1253413).
- CVE-2025-40178: pid: Add a judgment for ns null in pid_nr_ns (bsc#1253463).
- CVE-2025-40179: ext4: verify orphan file size is not too big (bsc#1253442).
- CVE-2025-40187: net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (bsc#1253647).
- CVE-2025-40190: ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623).
- CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40231: vsock: fix lock inversion in vsock_assign_transport() (bsc#1254815).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40240: sctp: avoid NULL dereference when chunk data buffer is missing (bsc#1254869).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-40248: vsock: Ignore signal/timeout on connect() if already established (bsc#1254864).
- CVE-2025-40250: net/mlx5: Clean up only new IRQ glue on request_irq() failure (bsc#1254854).
- CVE-2025-40251: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (bsc#1254856).
- CVE-2025-40252: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (bsc#1254849).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).
- CVE-2025-40268: cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082).
- CVE-2025-40271: fs/proc: fix uaf in proc_readdir_de() (bsc#1255297).
- CVE-2025-40274: KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying (bsc#1254830).
- CVE-2025-40278: net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (bsc#1254825).
- CVE-2025-40279: net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (bsc#1254846).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40287: exfat: fix improper check of dentry.stream.valid_size (bsc#1255030).
- CVE-2025-40289: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM (bsc#1255042).
- CVE-2025-40292: virtio-net: fix received length check in big packets (bsc#1255175).
- CVE-2025-40293: iommufd: Don't overflow during division for dirty tracking (bsc#1255179).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255187).
- CVE-2025-40307: exfat: validate cluster allocation bits of the allocation bitmap (bsc#1255039).
- CVE-2025-40319: bpf: Sync pending IRQ work before freeing ring buffer (bsc#1254794).
- CVE-2025-40330: bnxt_en: Shutdown FW DMA in bnxt_shutdown() (bsc#1254616).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-40337: net: stmmac: Correctly handle Rx checksum offload errors (bsc#1255081).
- CVE-2025-40338: ASoC: Intel: avs: Do not share the name pointer between components (bsc#1255273).
- CVE-2025-40346: arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (bsc#1255318).
- CVE-2025-40357: net/smc: fix general protection fault in __smc_diag_dump (bsc#1255097).
- CVE-2025-68197: bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (bsc#1255242).
- CVE-2025-68204: pmdomain: arm: scmi: Fix genpd leak on provider registration failure (bsc#1255224).
- CVE-2025-68206: netfilter: nft_ct: add seqadj extension for natted connections (bsc#1255142).
- CVE-2025-68208: bpf: account for current allocated stack depth in widen_imprecise_scalars() (bsc#1255227).
- CVE-2025-68209: mlx5: Fix default values in create CQ (bsc#1255230).
- CVE-2025-68239: binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272).
- CVE-2025-68255: staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing (bsc#1255395).
- CVE-2025-68259: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (bsc#1255199).
- CVE-2025-68264: ext4: refresh inline data size before write operations (bsc#1255380).
- CVE-2025-68302: net: sxgbe: fix potential NULL dereference in sxgbe_rx() (bsc#1255121).
- CVE-2025-68340: team: Move team device type change at the end of team_port_add (bsc#1255507).
- CVE-2025-68378: bpf: Refactor stack map trace depth calculation into helper function (bsc#1255614).
- CVE-2025-68742: bpf: Improve program stats run-time calculation (bsc#1255707).
- CVE-2025-68744: bpf: Free special fields when update [lru_,]percpu_hash maps (bsc#1255709).
The following non security issues were fixed:
- ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes).
- ACPI: PCC: Fix race condition by removing static qualifier (git-fixes).
- ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 (git-fixes).
- ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() (git-fixes).
- ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes).
- ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes).
- ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes).
- ALSA: dice: fix buffer overflow in detect_stream_formats() (git-fixes).
- ALSA: firewire-motu: add bounds check in put_user loop for DSP events (git-fixes).
- ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events (git-fixes).
- ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() (git-fixes).
- ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes).
- ALSA: uapi: Fix typo in asound.h comment (git-fixes).
- ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 (stable-fixes).
- ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series (stable-fixes).
- ALSA: usb-audio: fix uac2 clock source at terminal parser (git-fixes).
- ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes).
- ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes).
- ASoC: Intel: catpt: Fix error path in hw_params() (git-fixes).
- ASoC: ak4458: Disable regulator when error happens (git-fixes).
- ASoC: ak4458: remove the reset operation in probe and remove (git-fixes).
- ASoC: ak5558: Disable regulator when error happens (git-fixes).
- ASoC: bcm: bcm63xx-pcm-whistler: Check return value of of_dma_configure() (git-fixes).
- ASoC: codecs: lpass-tx-macro: fix SM6115 support (git-fixes).
- ASoC: codecs: wcd938x: fix OF node leaks on probe failure (git-fixes).
- ASoC: fsl_xcvr: clear the channel status control memory (git-fixes).
- ASoC: qcom: q6adm: the the copp device only during last instance (git-fixes).
- ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr (git-fixes).
- ASoC: qcom: q6asm-dai: perform correct state check before closing (git-fixes).
- ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment (git-fixes).
- ASoC: stm32: sai: fix OF node leak on probe (git-fixes).
- ASoC: stm32: sai: fix clk prepare imbalance on probe failure (git-fixes).
- ASoC: stm32: sai: fix device leak on probe (git-fixes).
- ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes).
- Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 (git-fixes).
- Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete (git-fixes).
- Bluetooth: SMP: Fix not generating mackey and ltk when repairing (git-fixes).
- Bluetooth: btrtl: Avoid loading the config file on security chips (stable-fixes).
- Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes).
- Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes).
- Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref (git-fixes).
- Bluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface (git-fixes).
- Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes).
- Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (git-fixes).
- Documentation/kernel-parameters: fix typo in retbleed= kernel parameter description (git-fixes).
- Documentation: hid-alps: Fix packet format section headings (git-fixes).
- Documentation: parport-lowlevel: Separate function listing code blocks (git-fixes).
- HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list (stable-fixes).
- HID: elecom: Add support for ELECOM M-XT3URBK (018F) (stable-fixes).
- HID: hid-input: Extend Elan ignore battery quirk to USB (stable-fixes).
- HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes).
- HID: logitech-dj: Remove duplicate error logging (git-fixes).
- HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() (git-fixes).
- HID: quirks: work around VID/PID conflict for appledisplay (git-fixes).
- Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes).
- Input: cros_ec_keyb - fix an invalid memory access (stable-fixes).
- Input: goodix - add support for ACPI ID GDIX1003 (stable-fixes).
- Input: goodix - add support for ACPI ID GDX9110 (stable-fixes).
- Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes).
- Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes).
- KEYS: trusted: Fix a memory leak in tpm2_load_cmd (git-fixes).
- KEYS: trusted_tpm1: Compare HMAC values in constant time (git-fixes).
- KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255463).
- PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths (git-fixes).
- PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition (git-fixes).
- PCI: keystone: Exit ks_pcie_probe() for invalid mode (git-fixes).
- PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2 (git-fixes).
- PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes).
- Revert 'drm/amd/display: Fix pbn to kbps Conversion' (stable-fixes).
- Revert 'drm/amd/display: Move setup_stream_attribute' (stable-fixes).
- Revert 'drm/amd: Skip power ungate during suspend for VPE' (git-fixes).
- Revert 'mtd: rawnand: marvell: fix layouts' (git-fixes).
- Revert 'net: r8169: Disable multicast filter for RTL8168H and RTL8107E' (jsc#PED-14353).
- Revert 'r8169: don't try to disable interrupts if NAPI is, scheduled already' (jsc#PED-14353).
- USB: Fix descriptor count when handling invalid MBIM extended descriptor (git-fixes).
- USB: lpc32xx_udc: Fix error handling in probe (git-fixes).
- USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC (git-fixes).
- USB: serial: ftdi_sio: add support for u-blox EVK-M101 (stable-fixes).
- USB: serial: ftdi_sio: match on interface number for jtag (stable-fixes).
- USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC (git-fixes).
- USB: serial: option: add Foxconn T99W760 (stable-fixes).
- USB: serial: option: add Quectel RG255C (stable-fixes).
- USB: serial: option: add Telit Cinterion FE910C04 new compositions (stable-fixes).
- USB: serial: option: add Telit FN920C04 ECM compositions (stable-fixes).
- USB: serial: option: add UNISOC UIS7720 (stable-fixes).
- USB: serial: option: add support for Rolling RW101R-GL (stable-fixes).
- USB: serial: option: move Telit 0x10c7 composition in the right place (stable-fixes).
- USB: storage: Remove subclass and protocol overrides from Novatek quirk (git-fixes).
- accel/ivpu: Fix DCT active percent format (git-fixes).
- accel/ivpu: Fix race condition when unbinding BOs (git-fixes).
- arm64: zynqmp: Fix usb node drive strength and slew rate (git-fixes).
- arm64: zynqmp: Revert usb node drive strength and slew rate for (git-fixes).
- atm/fore200e: Fix possible data race in fore200e_open() (git-fixes).
- atm: Fix dma_free_coherent() size (git-fixes).
- atm: idt77252: Add missing `dma_map_error()` (stable-fixes).
- backlight: led-bl: Add devlink to supplier LEDs (git-fixes).
- backlight: lp855x: Fix lp855x.h kernel-doc warnings (git-fixes).
- bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433).
- bpf: Reject bpf_timer for PREEMPT_RT (git-fixes).
- broadcom: b44: prevent uninitialized value usage (git-fixes).
- btrfs: make sure extent and csum paths are always released in scrub_raid56_parity_stripe() (git-fixes).
- can: gs_usb: gs_can_open(): fix error handling (git-fixes).
- can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs (git-fixes).
- can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes).
- can: kvaser_usb: leaf: Fix potential infinite loop in command parsers (git-fixes).
- can: sja1000: fix max irq loop handling (git-fixes).
- can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling (git-fixes).
- cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434).
- char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes).
- cifs: Fix uncached read into ITER_KVEC iterator (bsc#1245449).
- clk: qcom: camcc-sm6350: Fix PLL config of PLL2 (git-fixes).
- clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as a parent to other (git-fixes).
- clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback (git-fixes).
- clk: renesas: r9a06g032: Fix memory leak in error path (git-fixes).
- clk: samsung: exynos-clkout: Assign .num before accessing .hws (git-fixes).
- comedi: c6xdigio: Fix invalid PNP driver unregistration (git-fixes).
- comedi: check device's attached status in compat ioctls (git-fixes).
- comedi: multiq3: sanitize config options in multiq3_attach() (git-fixes).
- comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() (git-fixes).
- cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes (git-fixes).
- cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes).
- cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026).
- crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (git-fixes).
- crypto: authenc - Correctly pass EINPROGRESS back up to the caller (git-fixes).
- crypto: ccree - Correctly handle return of sg_nents_for_len (git-fixes).
- crypto: hisilicon/qm - restore original qos values (git-fixes).
- crypto: iaa - Fix incorrect return value in save_iaa_wq() (git-fixes).
- crypto: qat - fix duplicate restarting msg during AER error (git-fixes).
- crypto: rockchip - drop redundant crypto_skcipher_ivsize() calls (git-fixes).
- crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes).
- dm-integrity: limit MAX_TAG_SIZE to 255 (git-fixes).
- dm-verity: fix unreliable memory allocation (git-fixes).
- dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386).
- drivers/usb/dwc3: fix PCI parent check (git-fixes).
- drm/amd/amdgpu: reserve vm invalidation engine for uni_mes (stable-fixes).
- drm/amd/display: Check NULL before accessing (stable-fixes).
- drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 (stable-fixes).
- drm/amd/display: Don't change brightness for disabled connectors (stable-fixes).
- drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() (git-fixes).
- drm/amd/display: Fix pbn to kbps Conversion (stable-fixes).
- drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes).
- drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes).
- drm/amd/display: Increase DPCD read retries (stable-fixes).
- drm/amd/display: Insert dccg log for easy debug (stable-fixes).
- drm/amd/display: Move sleep into each retry for retrieve_link_cap() (stable-fixes).
- drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched (git-fixes).
- drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes).
- drm/amd/display: avoid reset DTBCLK at clock init (stable-fixes).
- drm/amd/display: disable DPP RCG before DPP CLK enable (stable-fixes).
- drm/amd: Skip power ungate during suspend for VPE (stable-fixes).
- drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes).
- drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes).
- drm/amdgpu: Forward VMID reservation errors (git-fixes).
- drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled (stable-fixes).
- drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma (git-fixes).
- drm/amdgpu: fix cyan_skillfish2 gpu info fw handling (git-fixes).
- drm/amdgpu: fix gpu page fault after hibernation on PF passthrough (stable-fixes).
- drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes).
- drm/amdkfd: Fix GPU mappings for APU after prefetch (stable-fixes).
- drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes).
- drm/amdkfd: Use huge page size to check split svm range alignment (git-fixes).
- drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes).
- drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes).
- drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes).
- drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes).
- drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() (git-fixes).
- drm/i915/dp: Initialize the source OUI write timestamp always (stable-fixes).
- drm/i915/dp_mst: Disable Panel Replay (git-fixes).
- drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes).
- drm/i915: Fix format string truncation warning (git-fixes).
- drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes).
- drm/imagination: Fix reference to devm_platform_get_and_ioremap_resource() (git-fixes).
- drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes).
- drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue (git-fixes).
- drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() (git-fixes).
- drm/mediatek: Fix probe device leaks (git-fixes).
- drm/mediatek: Fix probe memory leak (git-fixes).
- drm/mediatek: Fix probe resource leaks (git-fixes).
- drm/mediatek: ovl_adaptor: Fix probe device leaks (git-fixes).
- drm/mgag200: Fix big-endian support (git-fixes).
- drm/msm/a2xx: stop over-complaining about the legacy firmware (git-fixes).
- drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers (git-fixes).
- drm/msm/a6xx: Fix the gemnoc workaround (git-fixes).
- drm/msm/a6xx: Flush LRZ cache before PT switch (git-fixes).
- drm/msm/a6xx: Improve MX rail fallback in RPMH vote init (git-fixes).
- drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes).
- drm/msm/dpu: Remove dead-code in dpu_encoder_helper_reset_mixers() (git-fixes).
- drm/msm/dpu: drop dpu_hw_dsc_destroy() prototype (git-fixes).
- drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes).
- drm/nouveau: refactor deprecated strcpy (git-fixes).
- drm/nouveau: restrict the flush page to a 32-bit address (git-fixes).
- drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes).
- drm/panel: visionox-rm69299: Don't clear all mode flags (git-fixes).
- drm/panthor: Avoid adding of kernel BOs to extobj list (git-fixes).
- drm/panthor: Fix UAF on kernel BO VA nodes (git-fixes).
- drm/panthor: Fix group_free_queue() for partially initialized queues (git-fixes).
- drm/panthor: Fix potential memleak of vma structure (git-fixes).
- drm/panthor: Fix race with suspend during unplug (git-fixes).
- drm/panthor: Flush shmem writes before mapping buffers CPU-uncached (git-fixes).
- drm/panthor: Handle errors returned by drm_sched_entity_init() (git-fixes).
- drm/pl111: Fix error handling in pl111_amba_probe (git-fixes).
- drm/plane: Fix IS_ERR() vs NULL check in drm_plane_create_hotspot_properties() (git-fixes).
- drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (stable-fixes).
- drm/sched: Fix race in drm_sched_entity_select_rq() (git-fixes).
- drm/tilcdc: Fix removal actions in case of failed probe (git-fixes).
- drm/tilcdc: request and mapp iomem with devres (stable-fixes).
- drm/ttm: Avoid NULL pointer deref for evicted BOs (git-fixes).
- drm/vgem-fence: Fix potential deadlock on release (git-fixes).
- drm/vmwgfx: Use kref in vmw_bo_dirty (stable-fixes).
- drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (git-fixes).
- drm/xe/oa: Disallow 0 OA property values (git-fixes).
- drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() (git-fixes).
- drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes).
- drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes).
- drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes).
- drm/xe: Fix conversion from clock ticks to milliseconds (git-fixes).
- drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes).
- drm/xe: Prevent BIT() overflow when handling invalid prefetch region (git-fixes).
- drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes).
- drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes).
- drm: atmel-hlcdc: fix atmel_xlcdc_plane_setup_scaler() (git-fixes).
- drm: nouveau: Replace sprintf() with sysfs_emit() (git-fixes).
- drm: sti: fix device leaks at component probe (git-fixes).
- efi/libstub: Avoid physical address 0x0 when doing random allocation (stable-fixes).
- efi/libstub: Describe missing 'out' parameter in efi_load_initrd (git-fixes).
- efi/libstub: Fix page table access in 5-level to 4-level paging transition (git-fixes).
- efi: stmm: Fix incorrect buffer allocation method (git-fixes).
- efi: stmm: fix kernel-doc 'bad line' warnings (git-fixes).
- exfat: add a check for invalid data size (git-fixes).
- exfat: using hweight instead of internal logic (git-fixes).
- ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378).
- ext4: wait for ongoing I/O to complete before freeing blocks (bsc#1256366).
- fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes).
- fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing (git-fixes).
- fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() (git-fixes).
- fbdev: tcx.c fix mem_map to correct smem_start offset (git-fixes).
- firewire: nosy: Fix dma_free_coherent() size (git-fixes).
- firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes).
- firmware: imx: scu-irq: fix OF node leak in (git-fixes).
- firmware: stratix10-svc: Add mutex in stratix10 memory management (git-fixes).
- firmware: stratix10-svc: fix bug in saving controller data (git-fixes).
- firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc (git-fixes).
- fs: dlm: allow to F_SETLKW getting interrupted (bsc#1255025).
- ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes).
- genalloc.h: fix htmldocs warning (git-fixes).
- gpio: rockchip: mark the GPIO controller as sleeping (git-fixes).
- gpu: host1x: Fix race in syncpt alloc/free (git-fixes).
- hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes).
- hwmon: (max16065) Use local variable to avoid TOCTOU (git-fixes).
- hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes).
- hwmon: (w83791d) Convert macros to functions to avoid TOCTOU (git-fixes).
- hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU (git-fixes).
- hwmon: sy7636a: Fix regulator_enable resource leak on error path (git-fixes).
- i2c: amd-mp2: fix reference leak in MP2 PCI device (git-fixes).
- i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes).
- i2c: i2c.h: fix a bad kernel-doc line (git-fixes).
- i3c: fix refcount inconsistency in i3c_master_register (git-fixes).
- i3c: master: Inherit DMA masks and parameters from parent device (stable-fixes).
- i3c: master: svc: Prevent incomplete IBI transaction (git-fixes).
- idr: fix idr_alloc() returning an ID out of range (git-fixes).
- iio: accel: bmc150: Fix irq assumption regression (stable-fixes).
- iio: accel: fix ADXL355 startup race condition (git-fixes).
- iio: adc: ad7280a: fix ad7280_store_balance_timer() (git-fixes).
- iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes).
- iio: core: Clean up device correctly on iio_device_alloc() failure (git-fixes).
- iio: core: add missing mutex_destroy in iio_dev_release() (git-fixes).
- iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member (git-fixes).
- iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields (git-fixes).
- iio: st_lsm6dsx: Fixed calibrated timestamp calculation (git-fixes).
- ima: Handle error code returned by ima_filter_rule_match() (git-fixes).
- intel_th: Fix error handling in intel_th_output_open (git-fixes).
- ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes).
- ipmi: Fix handling of messages with provided receive message pointer (git-fixes).
- ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes).
- ipmi: Rework user message limit handling (git-fixes).
- irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() (git-fixes).
- kconfig/mconf: Initialize the default locale at startup (stable-fixes).
- kconfig/nconf: Initialize the default locale at startup (stable-fixes).
- leds: leds-lp50xx: Allow LED 0 to be added to module bank (git-fixes).
- leds: leds-lp50xx: Enable chip before any communication (git-fixes).
- leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs (git-fixes).
- leds: netxbig: Fix GPIO descriptor leak in error paths (git-fixes).
- lib/vsprintf: Check pointer before dereferencing in time_and_date() (git-fixes).
- mailbox: mailbox-test: Fix debugfs_create_dir error checking (git-fixes).
- media: TDA1997x: Remove redundant cancel_delayed_work in probe (git-fixes).
- media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() (git-fixes).
- media: amphion: Add a frame flush mode for decoder (stable-fixes).
- media: amphion: Cancel message work before releasing the VPU core (git-fixes).
- media: amphion: Make some vpu_v4l2 functions static (stable-fixes).
- media: amphion: Remove vpu_vb_is_codecconfig (git-fixes).
- media: atomisp: Prefix firmware paths with 'intel/ipu/' (bsc#1252973).
- media: atomisp: Remove firmware_name module parameter (bsc#1252973).
- media: cec: Fix debugfs leak on bus_register() failure (git-fixes).
- media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() (git-fixes).
- media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe (git-fixes).
- media: i2c: adv7842: Remove redundant cancel_delayed_work in probe (git-fixes).
- media: imx-mipi-csis: Drop extra clock enable at probe() (git-fixes).
- media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() (git-fixes).
- media: nxp: imx8-isi: Mark all crossbar sink pads as MUST_CONNECT (stable-fixes).
- media: ov5640: fix vblank unchange issue when work at dvp mode (git-fixes).
- media: pci: ivtv: Don't create fake v4l2_fh (stable-fixes).
- media: pvrusb2: Fix incorrect variable used in trace message (git-fixes).
- media: qcom: camss: Fix genpd cleanup (git-fixes).
- media: qcom: camss: Fix ordering of pm_runtime_enable (git-fixes).
- media: qcom: camss: cleanup media device allocated resource on error path (git-fixes).
- media: qcom: venus: fix incorrect return value (stable-fixes).
- media: radio-isa: use dev_name to fill in bus_info (stable-fixes).
- media: rc: st_rc: Fix reset control resource leak (git-fixes).
- media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled (git-fixes).
- media: s5p-mfc: Fix potential deadlock on condlock (stable-fixes).
- media: samsung: exynos4-is: fix potential ABBA deadlock on init (git-fixes).
- media: uvcvideo: Force UVC version to 1.0a for 0408:4033 (stable-fixes).
- media: v4l2-mem2mem: Fix outdated documentation (git-fixes).
- media: verisilicon: Fix CPU stalls on G2 bus error (git-fixes).
- media: verisilicon: Protect G2 HEVC decoder against invalid DPB index (git-fixes).
- media: verisilicon: Store chroma and motion vectors offset (stable-fixes).
- media: verisilicon: g2: Use common helpers to compute chroma and mv offsets (stable-fixes).
- media: videobuf2: Fix device reference leak in vb2_dc_alloc error path (git-fixes).
- media: vidtv: initialize local pointers upon transfer of memory ownership (git-fixes).
- media: vpif_capture: fix section mismatch (git-fixes).
- media: vpif_display: fix section mismatch (git-fixes).
- mei: gsc: add dependency on Xe driver (git-fixes).
- mei: me: add wildcat lake P DID (stable-fixes).
- mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup (git-fixes).
- mfd: da9055: Fix missing regmap_del_irq_chip() in error path (git-fixes).
- mfd: max77620: Fix potential IRQ chip conflict when probing two devices (git-fixes).
- mfd: mt6358-irq: Fix missing irq_domain_remove() in error path (git-fixes).
- mfd: mt6397-irq: Fix missing irq_domain_remove() in error path (git-fixes).
- mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes).
- mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes).
- most: usb: fix double free on late probe failure (git-fixes).
- mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() (git-fixes).
- mtd: lpddr_cmds: fix signed shifts in lpddr_cmds (git-fixes).
- mtd: maps: pcmciamtd: fix potential memory leak in pcmciamtd_detach() (git-fixes).
- mtd: nand: relax ECC parameter validation check (git-fixes).
- mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe error and remove (git-fixes).
- mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors (git-fixes).
- net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes).
- net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes).
- net: phy: adin1100: Fix software power-down ready condition (git-fixes).
- net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY (git-fixes).
- net: phy: mxl-gpy: fix link properties on USXGMII and internal PHYs (git-fixes).
- net: r8169: Disable multicast filter for RTL8168H and RTL8107E (jsc#PED-14353).
- net: rose: fix invalid array index in rose_kill_by_device() (git-fixes).
- net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes).
- net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes).
- net: usb: sr9700: fix incorrect command used to write single register (git-fixes).
- net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes).
- netdevsim: print human readable IP address (bsc#1255071).
- nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes).
- nfsd: do not defer requests during idmap lookup in v4 compound decode (bsc#1232223).
- nfsd: fix return error codes for nfsd_map_name_to_id (bsc#1232223).
- nvme: Use non zero KATO for persistent discovery connections (git-fixes).
- orangefs: fix xattr related buffer overflow.. (git-fixes).
- perf list: Add IBM z17 event descriptions (jsc#PED-13611).
- perf/x86/intel: Fix KASAN global-out-of-bounds warning (git-fixes).
- phy: broadcom: bcm63xx-usbh: fix section mismatches (git-fixes).
- phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() (git-fixes).
- pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes).
- pinctrl: qcom: msm: Fix deadlock in pinmux configuration (stable-fixes).
- pinctrl: single: Fix PIN_CONFIG_BIAS_DISABLE handling (stable-fixes).
- pinctrl: single: Fix incorrect type for error return variable (git-fixes).
- pinctrl: stm32: fix hwspinlock resource leak in probe function (git-fixes).
- platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver (git-fixes).
- platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes).
- platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally (stable-fixes).
- platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list (stable-fixes).
- platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes).
- platform/x86: acer-wmi: Ignore backlight event (stable-fixes).
- platform/x86: asus-wmi: use brightness_set_blocking() for kbd led (git-fixes).
- platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes).
- platform/x86: huawei-wmi: add keys for HONOR models (stable-fixes).
- platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes).
- platform/x86: intel: chtwc_int33fe: don't dereference swnode args (git-fixes).
- platform/x86: intel: punit_ipc: fix memory corruption (git-fixes).
- platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes).
- power: supply: apm_power: only unset own apm_get_power_status (git-fixes).
- power: supply: cw2015: Check devm_delayed_work_autocancel() return code (git-fixes).
- power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() (git-fixes).
- power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() (git-fixes).
- power: supply: wm831x: Check wm831x_set_bits() return value (git-fixes).
- powerpc/64s/slb: Fix SLB multihit issue during SLB preload (bac#1236022 ltc#211187).
- powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029).
- powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496).
- pwm: bcm2835: Make sure the channel is enabled after pwm_request() (git-fixes).
- r8169: Fix spelling mistake: 'tx_underun' -> 'tx_underrun' (jsc#PED-14353).
- r8169: Use PCI_IRQ_INTX instead of PCI_IRQ_LEGACY (jsc#PED-14353).
- r8169: add MODULE_FIRMWARE entry for RTL8126A (jsc#PED-14353).
- r8169: add PHY c45 ops for MDIO_MMD_VENDOR2 registers (jsc#PED-14353).
- r8169: add generic rtl_set_eee_txidle_timer function (jsc#PED-14353).
- r8169: add missing MODULE_FIRMWARE entry for RTL8126A rev.b (jsc#PED-14353).
- r8169: add support for Intel Killer E5000 (jsc#PED-14353).
- r8169: add support for RTL8125BP rev.b (jsc#PED-14353).
- r8169: add support for RTL8125D (jsc#PED-14353).
- r8169: add support for RTL8125D rev.b (jsc#PED-14353).
- r8169: add support for RTL8126A rev.b (jsc#PED-14353).
- r8169: add support for RTL8168M (jsc#PED-14353).
- r8169: add support for returning tx_lpi_timer in ethtool get_eee (jsc#PED-14353).
- r8169: add support for the temperature sensor being available from RTL8125B (jsc#PED-14353).
- r8169: adjust version numbering for RTL8126 (jsc#PED-14353).
- r8169: align RTL8125 EEE config with vendor driver (jsc#PED-14353).
- r8169: align RTL8125/RTL8126 PHY config with vendor driver (jsc#PED-14353).
- r8169: align RTL8126 EEE config with vendor driver (jsc#PED-14353).
- r8169: align WAKE_PHY handling with r8125/r8126 vendor drivers (jsc#PED-14353).
- r8169: avoid duplicated messages if loading firmware fails and switch to warn level (jsc#PED-14353).
- r8169: avoid unsolicited interrupts (jsc#PED-14353).
- r8169: check for PCI read error in probe (jsc#PED-14353).
- r8169: disable ALDPS per default for RTL8125 (jsc#PED-14353).
- r8169: disable RTL8126 ZRX-DC timeout (jsc#PED-14353).
- r8169: disable interrupt source RxOverflow (jsc#PED-14353).
- r8169: don't apply UDP padding quirk on RTL8126A (jsc#PED-14353).
- r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY (jsc#PED-14353).
- r8169: don't scan PHY addresses > 0 (jsc#PED-14353).
- r8169: don't take RTNL lock in rtl_task() (jsc#PED-14353).
- r8169: enable EEE at 2.5G per default on RTL8125B (jsc#PED-14353).
- r8169: enable RTL8168H/RTL8168EP/RTL8168FP ASPM support (jsc#PED-14353).
- r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes).
- r8169: fix inconsistent indenting in rtl8169_get_eth_mac_stats (jsc#PED-14353).
- r8169: implement additional ethtool stats ops (jsc#PED-14353).
- r8169: improve RTL8411b phy-down fixup (jsc#PED-14353).
- r8169: improve __rtl8169_set_wol (jsc#PED-14353).
- r8169: improve handling task scheduling (jsc#PED-14353).
- r8169: improve initialization of RSS registers on RTL8125/RTL8126 (jsc#PED-14353).
- r8169: improve rtl_set_d3_pll_down (jsc#PED-14353).
- r8169: increase max jumbo packet size on RTL8125/RTL8126 (jsc#PED-14353).
- r8169: remove detection of chip version 11 (early RTL8168b) (jsc#PED-14353).
- r8169: remove leftover locks after reverted change (jsc#PED-14353).
- r8169: remove multicast filter limit (jsc#PED-14353).
- r8169: remove not needed check in rtl_fw_write_firmware (jsc#PED-14353).
- r8169: remove original workaround for RTL8125 broken rx issue (jsc#PED-14353).
- r8169: remove redundant hwmon support (jsc#PED-14353).
- r8169: remove rtl_dash_loop_wait_high/low (jsc#PED-14353).
- r8169: remove support for chip version 11 (jsc#PED-14353).
- r8169: remove unused flag RTL_FLAG_TASK_RESET_NO_QUEUE_WAKE (jsc#PED-14353).
- r8169: set EEE speed down ratio to 1 (stable-fixes).
- r8169: simplify EEE handling (jsc#PED-14353).
- r8169: simplify code by using core-provided pcpu stats allocation (jsc#PED-14353).
- r8169: support setting the EEE tx idle timer on RTL8168h (jsc#PED-14353).
- r8169: use dev_err_probe in all appropriate places in rtl_init_one() (jsc#PED-14353).
- r8169: use helper r8169_mod_reg8_cond to simplify rtl_jumbo_config (jsc#PED-14353).
- regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex (git-fixes).
- regulator: core: disable supply if enabling main regulator fails (git-fixes).
- reset: fix BIT macro reference (stable-fixes).
- rpmsg: glink: fix rpmsg device leak (git-fixes).
- rtc: gamecube: Check the return value of ioremap() (git-fixes).
- scsi: lpfc: Add capability to register Platform Name ID to fabric (bsc#1254119).
- scsi: lpfc: Allow support for BB credit recovery in point-to-point topology (bsc#1254119).
- scsi: lpfc: Ensure unregistration of rpis for received PLOGIs (bsc#1254119).
- scsi: lpfc: Fix leaked ndlp krefs when in point-to-point topology (bsc#1254119).
- scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (bsc#1254119).
- scsi: lpfc: Modify kref handling for Fabric Controller ndlps (bsc#1254119).
- scsi: lpfc: Remove redundant NULL ptr assignment in lpfc_els_free_iocb() (bsc#1254119).
- scsi: lpfc: Revise discovery related function headers and comments (bsc#1254119).
- scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119).
- scsi: lpfc: Update various NPIV diagnostic log messaging (bsc#1254119).
- scsi: mpi3mr: Fix I/O failures during controller reset (bsc#1251752 jsc#PED-14280).
- scsi: mpi3mr: Fix controller init failure on fault during queue creation (bsc#1251752 jsc#PED-14280).
- scsi: mpi3mr: Fix device loss during enclosure reboot due to zero link speed (bsc#1251752 jsc#PED-14280).
- scsi: mpi3mr: Fix premature TM timeouts on virtual drives (bsc#1251752 jsc#PED-14280).
- scsi: mpi3mr: Update MPI headers to revision 37 (bsc#1251752 jsc#PED-14280).
- scsi: mpi3mr: Update driver version to 8.14.0.5.50 (bsc#1251752 jsc#PED-14280).
- scsi: mpi3mr: Update driver version to 8.15.0.5.50 (bsc#1251752 jsc#PED-14280).
- selftests/bpf: Skip timer cases when bpf_timer is not supported (git-fixes).
- selftests/net: calibrate txtimestamp (bsc#1255085).
- selftests/net: convert fcnal-test.sh to run it in unique namespace (bsc#1254235).
- selftests/net: convert fib-onlink-tests.sh to run it in unique namespace (bsc#1254235).
- selftests/net: convert fib_nexthop_multiprefix to run it in unique namespace (bsc#1254235).
- selftests/net: convert fib_nexthop_nongw.sh to run it in unique namespace (bsc#1254235).
- selftests/net: convert fib_nexthops.sh to run it in unique namespace (bsc#1254235).
- selftests/net: convert fib_rule_tests.sh to run it in unique namespace (bsc#1254235).
- selftests/net: convert fib_tests.sh to run it in unique namespace (bsc#1254235).
- selftests/net: convert srv6_end_dt46_l3vpn_test.sh to run it in unique namespace (bsc#1254235).
- selftests/net: convert srv6_end_dt4_l3vpn_test.sh to run it in unique namespace (bsc#1254235).
- selftests/net: convert srv6_end_dt6_l3vpn_test.sh to run it in unique namespace (bsc#1254235).
- selftests/net: convert test_vxlan_vnifiltering.sh to run it in unique namespace (bsc#1255349).
- selftests/net: convert vrf_route_leaking.sh to run it in unique namespace (bsc#1255349).
- selftests/net: synchronize udpgro tests' tx and rx connection (bsc#1254235).
- selftests: Introduce Makefile variable to list shared bash scripts (bsc#1254235).
- selftests: bonding: Add net/forwarding/lib.sh to TEST_INCLUDES (bsc#1254235).
- selftests: dsa: Replace test symlinks by wrapper script (bsc#1254235).
- selftests: net: Remove executable bits from library scripts (bsc#1254235).
- selftests: net: explicitly wait for listener ready (bsc#1254235).
- selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346).
- selftests: net: include forwarding lib (bsc#1254235).
- selftests: net: included needed helper in the install targets (bsc#1254235).
- selftests: net: more strict check in net_helper (bsc#1254235).
- selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349).
- selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349).
- selftests: net: veth: test the ability to independently manipulate GRO and XDP (bsc#1255101).
- selftests: team: Add shared library scripts to TEST_INCLUDES (bsc#1254235).
- selftests: vrf_route_leaking: remove ipv6_ping_frag from default testing (bsc#1255349).
- serial: add support of CPCI cards (stable-fixes).
- serial: amba-pl011: prefer dma_mapping_error() over explicit address checking (git-fixes).
- serial: core: Fix serial device initialization (git-fixes).
- serial: core: Restore sysfs fwnode information (git-fixes).
- serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes).
- slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves (git-fixes).
- smc91x: fix broken irq-context in PREEMPT_RT (git-fixes).
- soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes).
- soc: amlogic: canvas: fix device leak on lookup (git-fixes).
- soc: qcom: ocmem: fix device leak on lookup (git-fixes).
- soc: qcom: smem: fix hwspinlock resource leak in probe error paths (git-fixes).
- spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors (git-fixes).
- spi: bcm63xx: drop wrong casts in probe() (git-fixes).
- spi: bcm63xx: fix premature CS deassertion on RX-only transactions (git-fixes).
- spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes).
- spi: imx: keep dma request disabled before dma transfer setup (stable-fixes).
- spi: tegra210-qspi: Remove cache operations (git-fixes).
- spi: tegra210-quad: Add support for internal DMA (git-fixes).
- spi: tegra210-quad: Check hardware status on timeout (bsc#1253155).
- spi: tegra210-quad: Fix timeout handling (bsc#1253155).
- spi: tegra210-quad: Fix timeout handling (git-fixes).
- spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155).
- spi: tegra210-quad: Update dummy sequence configuration (git-fixes).
- spi: xilinx: increase number of retries before declaring stall (stable-fixes).
- staging: fbtft: core: fix potential memory leak in fbtft_probe_common() (git-fixes).
- staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing (stable-fixes).
- staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser (stable-fixes).
- thunderbolt: Add support for Intel Wildcat Lake (stable-fixes).
- tick/sched: Limit non-timekeeper CPUs calling jiffies update (bsc#1254477).
- tracing: Fix access to trace_event_file (bsc#1254373).
- uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe (git-fixes).
- usb: cdns3: Fix double resource release in cdns3_pci_probe (git-fixes).
- usb: chaoskey: fix locking for O_NONBLOCK (git-fixes).
- usb: chipidea: udc: limit usb request length to max 16KB (stable-fixes).
- usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes).
- usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes).
- usb: dwc2: fix hang during suspend if set as peripheral (git-fixes).
- usb: dwc3: Abort suspend on soft disconnect failure (git-fixes).
- usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths (git-fixes).
- usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes).
- usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes).
- usb: dwc3: pci: Sort out the Intel device IDs (stable-fixes).
- usb: dwc3: pci: add support for the Intel Nova Lake -S (stable-fixes).
- usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes).
- usb: gadget: f_eem: Fix memory leak in eem_unwrap (git-fixes).
- usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes).
- usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors (git-fixes).
- usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt (git-fixes).
- usb: ohci-nxp: Use helper function devm_clk_get_enabled() (stable-fixes).
- usb: ohci-nxp: fix device leak on probe failure (git-fixes).
- usb: phy: Initialize struct usb_phy list_head (git-fixes).
- usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes).
- usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE (git-fixes).
- usb: raw-gadget: do not limit transfer length (git-fixes).
- usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes).
- usb: storage: Fix memory leak in USB bulk transport (git-fixes).
- usb: storage: sddr55: Reject out-of-bound new_pba (stable-fixes).
- usb: typec: tipd: Clear interrupts first (git-fixes).
- usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes).
- usb: typec: ucsi: psy: Set max current to zero when disconnected (git-fixes).
- usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer (git-fixes).
- usb: udc: Add trace event for usb_gadget_set_state (stable-fixes).
- usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes).
- usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes).
- usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes).
- usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes).
- usbip: Fix locking bug in RT-enabled kernels (stable-fixes).
- via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes).
- virtio_console: fix order of fields cols and rows (stable-fixes).
- watchdog: wdat_wdt: Fix ACPI table leak in probe function (git-fixes).
- wifi: ath10k: Add missing include of export.h (stable-fixes).
- wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes).
- wifi: ath10k: move recovery check logic into a new work (git-fixes).
- wifi: ath11k: fix peer HE MCS assignment (git-fixes).
- wifi: ath11k: restore register window after global reset (git-fixes).
- wifi: ath12k: fix potential memory leak in ath12k_wow_arp_ns_offload() (git-fixes).
- wifi: avoid kernel-infoleak from struct iw_point (git-fixes).
- wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes).
- wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes).
- wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes).
- wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes).
- wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() (git-fixes).
- wifi: ieee80211: correct FILS status codes (git-fixes).
- wifi: mac80211: do not use old MBSSID elements (git-fixes).
- wifi: mac80211: fix CMAC functions not handling errors (git-fixes).
- wifi: mac80211: restore non-chanctx injection behaviour (git-fixes).
- wifi: mt76: Fix DTS power-limits on little endian systems (git-fixes).
- wifi: mt76: mt7925: fix CLC command timeout when suspend/resume (stable-fixes).
- wifi: mt76: mt7925: fix the unfinished command of regd_notifier before suspend (stable-fixes).
- wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes).
- wifi: nl80211: vendor-cmd: intel: fix a blank kernel-doc line warning (git-fixes).
- wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() (git-fixes).
- wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() (git-fixes).
- wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes).
- wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1 (stable-fixes).
- wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes).
- x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() (git-fixes).
- x86/microcode/AMD: Add TSA microcode SHAs (bsc#1256528).
- x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev (bsc#1256528).
- x86/microcode/AMD: Add more known models to entry sign checking (bsc#1256528).
- x86/microcode/AMD: Add some forgotten models to the SHA check (bsc#1256528).
- x86/microcode/AMD: Clean the cache if update did not load microcode (bsc#1256528).
- x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (bsc#1256528).
- x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256528).
- x86/microcode/AMD: Fix __apply_microcode_amd()'s return value (bsc#1256528).
- x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1256528).
- x86/microcode/AMD: Load only SHA256-checksummed patches (bsc#1256528).
- x86/microcode/AMD: Select which microcode patch to load (bsc#1256528).
- x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256528).
- x86/microcode: Fix Entrysign revision check for Zen1/Naples (bsc#1256528).
- xhci: dbgtty: fix device unregister (git-fixes).
- xhci: fix stale flag preventig URBs after link state error is cleared (git-fixes).
Patchnames
SUSE-2026-278,SUSE-SLE-Module-Live-Patching-15-SP7-2026-278,SUSE-SLE-Module-RT-15-SP7-2026-278
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328).\n- CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256).\n- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).\n- CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342).\n- CVE-2025-40024: vhost: Take a reference on the task in struct vhost_task (bsc#1252686).\n- CVE-2025-40033: remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (bsc#1252824).\n- CVE-2025-40042: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (bsc#1252861).\n- CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808).\n- CVE-2025-40081: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (bsc#1252776).\n- CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919).\n- CVE-2025-40134: dm: fix NULL pointer dereference in __dm_suspend() (bsc#1253386).\n- CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342).\n- CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408).\n- CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402).\n- CVE-2025-40160: xen/events: Cleanup find_virq() return codes (bsc#1253400).\n- CVE-2025-40167: ext4: detect invalid INLINE_DATA + EXTENTS flag combination (bsc#1253458).\n- CVE-2025-40170: net: use dst_dev_rcu() in sk_setup_caps() (bsc#1253413).\n- CVE-2025-40178: pid: Add a judgment for ns null in pid_nr_ns (bsc#1253463).\n- CVE-2025-40179: ext4: verify orphan file size is not too big (bsc#1253442).\n- CVE-2025-40187: net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (bsc#1253647).\n- CVE-2025-40190: ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623).\n- CVE-2025-40215: kABI: xfrm: delete x-\u003etunnel as we delete x (bsc#1254959).\n- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).\n- CVE-2025-40231: vsock: fix lock inversion in vsock_assign_transport() (bsc#1254815).\n- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).\n- CVE-2025-40240: sctp: avoid NULL dereference when chunk data buffer is missing (bsc#1254869).\n- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).\n- CVE-2025-40248: vsock: Ignore signal/timeout on connect() if already established (bsc#1254864).\n- CVE-2025-40250: net/mlx5: Clean up only new IRQ glue on request_irq() failure (bsc#1254854).\n- CVE-2025-40251: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (bsc#1254856).\n- CVE-2025-40252: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (bsc#1254849).\n- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).\n- CVE-2025-40268: cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082).\n- CVE-2025-40271: fs/proc: fix uaf in proc_readdir_de() (bsc#1255297).\n- CVE-2025-40274: KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying (bsc#1254830).\n- CVE-2025-40278: net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (bsc#1254825).\n- CVE-2025-40279: net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (bsc#1254846).\n- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).\n- CVE-2025-40287: exfat: fix improper check of dentry.stream.valid_size (bsc#1255030).\n- CVE-2025-40289: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM (bsc#1255042).\n- CVE-2025-40292: virtio-net: fix received length check in big packets (bsc#1255175).\n- CVE-2025-40293: iommufd: Don\u0027t overflow during division for dirty tracking (bsc#1255179).\n- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255187).\n- CVE-2025-40307: exfat: validate cluster allocation bits of the allocation bitmap (bsc#1255039).\n- CVE-2025-40319: bpf: Sync pending IRQ work before freeing ring buffer (bsc#1254794).\n- CVE-2025-40330: bnxt_en: Shutdown FW DMA in bnxt_shutdown() (bsc#1254616).\n- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).\n- CVE-2025-40337: net: stmmac: Correctly handle Rx checksum offload errors (bsc#1255081).\n- CVE-2025-40338: ASoC: Intel: avs: Do not share the name pointer between components (bsc#1255273).\n- CVE-2025-40346: arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (bsc#1255318).\n- CVE-2025-40357: net/smc: fix general protection fault in __smc_diag_dump (bsc#1255097).\n- CVE-2025-68197: bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (bsc#1255242).\n- CVE-2025-68204: pmdomain: arm: scmi: Fix genpd leak on provider registration failure (bsc#1255224).\n- CVE-2025-68206: netfilter: nft_ct: add seqadj extension for natted connections (bsc#1255142).\n- CVE-2025-68208: bpf: account for current allocated stack depth in widen_imprecise_scalars() (bsc#1255227).\n- CVE-2025-68209: mlx5: Fix default values in create CQ (bsc#1255230).\n- CVE-2025-68239: binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272).\n- CVE-2025-68255: staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing (bsc#1255395).\n- CVE-2025-68259: KVM: SVM: Don\u0027t skip unrelated instruction if INT3/INTO is replaced (bsc#1255199).\n- CVE-2025-68264: ext4: refresh inline data size before write operations (bsc#1255380).\n- CVE-2025-68302: net: sxgbe: fix potential NULL dereference in sxgbe_rx() (bsc#1255121).\n- CVE-2025-68340: team: Move team device type change at the end of team_port_add (bsc#1255507).\n- CVE-2025-68378: bpf: Refactor stack map trace depth calculation into helper function (bsc#1255614).\n- CVE-2025-68742: bpf: Improve program stats run-time calculation (bsc#1255707).\n- CVE-2025-68744: bpf: Free special fields when update [lru_,]percpu_hash maps (bsc#1255709).\n\nThe following non security issues were fixed:\n\n- ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes).\n- ACPI: PCC: Fix race condition by removing static qualifier (git-fixes).\n- ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 (git-fixes).\n- ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() (git-fixes).\n- ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes).\n- ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes).\n- ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes).\n- ALSA: dice: fix buffer overflow in detect_stream_formats() (git-fixes).\n- ALSA: firewire-motu: add bounds check in put_user loop for DSP events (git-fixes).\n- ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events (git-fixes).\n- ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() (git-fixes).\n- ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes).\n- ALSA: uapi: Fix typo in asound.h comment (git-fixes).\n- ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 (stable-fixes).\n- ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series (stable-fixes).\n- ALSA: usb-audio: fix uac2 clock source at terminal parser (git-fixes).\n- ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes).\n- ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes).\n- ASoC: Intel: catpt: Fix error path in hw_params() (git-fixes).\n- ASoC: ak4458: Disable regulator when error happens (git-fixes).\n- ASoC: ak4458: remove the reset operation in probe and remove (git-fixes).\n- ASoC: ak5558: Disable regulator when error happens (git-fixes).\n- ASoC: bcm: bcm63xx-pcm-whistler: Check return value of of_dma_configure() (git-fixes).\n- ASoC: codecs: lpass-tx-macro: fix SM6115 support (git-fixes).\n- ASoC: codecs: wcd938x: fix OF node leaks on probe failure (git-fixes).\n- ASoC: fsl_xcvr: clear the channel status control memory (git-fixes).\n- ASoC: qcom: q6adm: the the copp device only during last instance (git-fixes).\n- ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr (git-fixes).\n- ASoC: qcom: q6asm-dai: perform correct state check before closing (git-fixes).\n- ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment (git-fixes).\n- ASoC: stm32: sai: fix OF node leak on probe (git-fixes).\n- ASoC: stm32: sai: fix clk prepare imbalance on probe failure (git-fixes).\n- ASoC: stm32: sai: fix device leak on probe (git-fixes).\n- ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes).\n- Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 (git-fixes).\n- Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete (git-fixes).\n- Bluetooth: SMP: Fix not generating mackey and ltk when repairing (git-fixes).\n- Bluetooth: btrtl: Avoid loading the config file on security chips (stable-fixes).\n- Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes).\n- Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes).\n- Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref (git-fixes).\n- Bluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface (git-fixes).\n- Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes).\n- Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (git-fixes).\n- Documentation/kernel-parameters: fix typo in retbleed= kernel parameter description (git-fixes).\n- Documentation: hid-alps: Fix packet format section headings (git-fixes).\n- Documentation: parport-lowlevel: Separate function listing code blocks (git-fixes).\n- HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list (stable-fixes).\n- HID: elecom: Add support for ELECOM M-XT3URBK (018F) (stable-fixes).\n- HID: hid-input: Extend Elan ignore battery quirk to USB (stable-fixes).\n- HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes).\n- HID: logitech-dj: Remove duplicate error logging (git-fixes).\n- HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() (git-fixes).\n- HID: quirks: work around VID/PID conflict for appledisplay (git-fixes).\n- Input: atkbd - skip deactivate for HONOR FMB-P\u0027s internal keyboard (git-fixes).\n- Input: cros_ec_keyb - fix an invalid memory access (stable-fixes).\n- Input: goodix - add support for ACPI ID GDIX1003 (stable-fixes).\n- Input: goodix - add support for ACPI ID GDX9110 (stable-fixes).\n- Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes).\n- Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes).\n- KEYS: trusted: Fix a memory leak in tpm2_load_cmd (git-fixes).\n- KEYS: trusted_tpm1: Compare HMAC values in constant time (git-fixes).\n- KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255463).\n- PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths (git-fixes).\n- PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition (git-fixes).\n- PCI: keystone: Exit ks_pcie_probe() for invalid mode (git-fixes).\n- PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2 (git-fixes).\n- PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes).\n- Revert \u0027drm/amd/display: Fix pbn to kbps Conversion\u0027 (stable-fixes).\n- Revert \u0027drm/amd/display: Move setup_stream_attribute\u0027 (stable-fixes).\n- Revert \u0027drm/amd: Skip power ungate during suspend for VPE\u0027 (git-fixes).\n- Revert \u0027mtd: rawnand: marvell: fix layouts\u0027 (git-fixes).\n- Revert \u0027net: r8169: Disable multicast filter for RTL8168H and RTL8107E\u0027 (jsc#PED-14353).\n- Revert \u0027r8169: don\u0027t try to disable interrupts if NAPI is, scheduled already\u0027 (jsc#PED-14353).\n- USB: Fix descriptor count when handling invalid MBIM extended descriptor (git-fixes).\n- USB: lpc32xx_udc: Fix error handling in probe (git-fixes).\n- USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC (git-fixes).\n- USB: serial: ftdi_sio: add support for u-blox EVK-M101 (stable-fixes).\n- USB: serial: ftdi_sio: match on interface number for jtag (stable-fixes).\n- USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC (git-fixes).\n- USB: serial: option: add Foxconn T99W760 (stable-fixes).\n- USB: serial: option: add Quectel RG255C (stable-fixes).\n- USB: serial: option: add Telit Cinterion FE910C04 new compositions (stable-fixes).\n- USB: serial: option: add Telit FN920C04 ECM compositions (stable-fixes).\n- USB: serial: option: add UNISOC UIS7720 (stable-fixes).\n- USB: serial: option: add support for Rolling RW101R-GL (stable-fixes).\n- USB: serial: option: move Telit 0x10c7 composition in the right place (stable-fixes).\n- USB: storage: Remove subclass and protocol overrides from Novatek quirk (git-fixes).\n- accel/ivpu: Fix DCT active percent format (git-fixes).\n- accel/ivpu: Fix race condition when unbinding BOs (git-fixes).\n- arm64: zynqmp: Fix usb node drive strength and slew rate (git-fixes).\n- arm64: zynqmp: Revert usb node drive strength and slew rate for (git-fixes).\n- atm/fore200e: Fix possible data race in fore200e_open() (git-fixes).\n- atm: Fix dma_free_coherent() size (git-fixes).\n- atm: idt77252: Add missing `dma_map_error()` (stable-fixes).\n- backlight: led-bl: Add devlink to supplier LEDs (git-fixes).\n- backlight: lp855x: Fix lp855x.h kernel-doc warnings (git-fixes).\n- bpf: Do not limit bpf_cgroup_from_id to current\u0027s namespace (bsc#1255433).\n- bpf: Reject bpf_timer for PREEMPT_RT (git-fixes).\n- broadcom: b44: prevent uninitialized value usage (git-fixes).\n- btrfs: make sure extent and csum paths are always released in scrub_raid56_parity_stripe() (git-fixes).\n- can: gs_usb: gs_can_open(): fix error handling (git-fixes).\n- can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs (git-fixes).\n- can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes).\n- can: kvaser_usb: leaf: Fix potential infinite loop in command parsers (git-fixes).\n- can: sja1000: fix max irq loop handling (git-fixes).\n- can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling (git-fixes).\n- cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434).\n- char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes).\n- cifs: Fix uncached read into ITER_KVEC iterator (bsc#1245449).\n- clk: qcom: camcc-sm6350: Fix PLL config of PLL2 (git-fixes).\n- clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as a parent to other (git-fixes).\n- clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback (git-fixes).\n- clk: renesas: r9a06g032: Fix memory leak in error path (git-fixes).\n- clk: samsung: exynos-clkout: Assign .num before accessing .hws (git-fixes).\n- comedi: c6xdigio: Fix invalid PNP driver unregistration (git-fixes).\n- comedi: check device\u0027s attached status in compat ioctls (git-fixes).\n- comedi: multiq3: sanitize config options in multiq3_attach() (git-fixes).\n- comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() (git-fixes).\n- cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes (git-fixes).\n- cpufreq: nforce2: fix reference count leak in nforce2 (git-fixes).\n- cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026).\n- crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (git-fixes).\n- crypto: authenc - Correctly pass EINPROGRESS back up to the caller (git-fixes).\n- crypto: ccree - Correctly handle return of sg_nents_for_len (git-fixes).\n- crypto: hisilicon/qm - restore original qos values (git-fixes).\n- crypto: iaa - Fix incorrect return value in save_iaa_wq() (git-fixes).\n- crypto: qat - fix duplicate restarting msg during AER error (git-fixes).\n- crypto: rockchip - drop redundant crypto_skcipher_ivsize() calls (git-fixes).\n- crypto: seqiv - Do not use req-\u003eiv after crypto_aead_encrypt (git-fixes).\n- dm-integrity: limit MAX_TAG_SIZE to 255 (git-fixes).\n- dm-verity: fix unreliable memory allocation (git-fixes).\n- dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386).\n- drivers/usb/dwc3: fix PCI parent check (git-fixes).\n- drm/amd/amdgpu: reserve vm invalidation engine for uni_mes (stable-fixes).\n- drm/amd/display: Check NULL before accessing (stable-fixes).\n- drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 (stable-fixes).\n- drm/amd/display: Don\u0027t change brightness for disabled connectors (stable-fixes).\n- drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() (git-fixes).\n- drm/amd/display: Fix pbn to kbps Conversion (stable-fixes).\n- drm/amd/display: Fix scratch registers offsets for DCN35 (stable-fixes).\n- drm/amd/display: Fix scratch registers offsets for DCN351 (stable-fixes).\n- drm/amd/display: Increase DPCD read retries (stable-fixes).\n- drm/amd/display: Insert dccg log for easy debug (stable-fixes).\n- drm/amd/display: Move sleep into each retry for retrieve_link_cap() (stable-fixes).\n- drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched (git-fixes).\n- drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes).\n- drm/amd/display: avoid reset DTBCLK at clock init (stable-fixes).\n- drm/amd/display: disable DPP RCG before DPP CLK enable (stable-fixes).\n- drm/amd: Skip power ungate during suspend for VPE (stable-fixes).\n- drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (stable-fixes).\n- drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (stable-fixes).\n- drm/amdgpu: Forward VMID reservation errors (git-fixes).\n- drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled (stable-fixes).\n- drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma (git-fixes).\n- drm/amdgpu: fix cyan_skillfish2 gpu info fw handling (git-fixes).\n- drm/amdgpu: fix gpu page fault after hibernation on PF passthrough (stable-fixes).\n- drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (stable-fixes).\n- drm/amdkfd: Fix GPU mappings for APU after prefetch (stable-fixes).\n- drm/amdkfd: Trap handler support for expert scheduling mode (stable-fixes).\n- drm/amdkfd: Use huge page size to check split svm range alignment (git-fixes).\n- drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes).\n- drm/displayid: add quirk to ignore DisplayID checksum errors (stable-fixes).\n- drm/displayid: pass iter to drm_find_displayid_extension() (stable-fixes).\n- drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (stable-fixes).\n- drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() (git-fixes).\n- drm/i915/dp: Initialize the source OUI write timestamp always (stable-fixes).\n- drm/i915/dp_mst: Disable Panel Replay (git-fixes).\n- drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes).\n- drm/i915: Fix format string truncation warning (git-fixes).\n- drm/imagination: Disallow exporting of PM/FW protected objects (git-fixes).\n- drm/imagination: Fix reference to devm_platform_get_and_ioremap_resource() (git-fixes).\n- drm/me/gsc: mei interrupt top half should be in irq disabled context (git-fixes).\n- drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue (git-fixes).\n- drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() (git-fixes).\n- drm/mediatek: Fix probe device leaks (git-fixes).\n- drm/mediatek: Fix probe memory leak (git-fixes).\n- drm/mediatek: Fix probe resource leaks (git-fixes).\n- drm/mediatek: ovl_adaptor: Fix probe device leaks (git-fixes).\n- drm/mgag200: Fix big-endian support (git-fixes).\n- drm/msm/a2xx: stop over-complaining about the legacy firmware (git-fixes).\n- drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers (git-fixes).\n- drm/msm/a6xx: Fix the gemnoc workaround (git-fixes).\n- drm/msm/a6xx: Flush LRZ cache before PT switch (git-fixes).\n- drm/msm/a6xx: Improve MX rail fallback in RPMH vote init (git-fixes).\n- drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes).\n- drm/msm/dpu: Remove dead-code in dpu_encoder_helper_reset_mixers() (git-fixes).\n- drm/msm/dpu: drop dpu_hw_dsc_destroy() prototype (git-fixes).\n- drm/nouveau/dispnv50: Don\u0027t call drm_atomic_get_crtc_state() in prepare_fb (git-fixes).\n- drm/nouveau: refactor deprecated strcpy (git-fixes).\n- drm/nouveau: restrict the flush page to a 32-bit address (git-fixes).\n- drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes).\n- drm/panel: visionox-rm69299: Don\u0027t clear all mode flags (git-fixes).\n- drm/panthor: Avoid adding of kernel BOs to extobj list (git-fixes).\n- drm/panthor: Fix UAF on kernel BO VA nodes (git-fixes).\n- drm/panthor: Fix group_free_queue() for partially initialized queues (git-fixes).\n- drm/panthor: Fix potential memleak of vma structure (git-fixes).\n- drm/panthor: Fix race with suspend during unplug (git-fixes).\n- drm/panthor: Flush shmem writes before mapping buffers CPU-uncached (git-fixes).\n- drm/panthor: Handle errors returned by drm_sched_entity_init() (git-fixes).\n- drm/pl111: Fix error handling in pl111_amba_probe (git-fixes).\n- drm/plane: Fix IS_ERR() vs NULL check in drm_plane_create_hotspot_properties() (git-fixes).\n- drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (stable-fixes).\n- drm/sched: Fix race in drm_sched_entity_select_rq() (git-fixes).\n- drm/tilcdc: Fix removal actions in case of failed probe (git-fixes).\n- drm/tilcdc: request and mapp iomem with devres (stable-fixes).\n- drm/ttm: Avoid NULL pointer deref for evicted BOs (git-fixes).\n- drm/vgem-fence: Fix potential deadlock on release (git-fixes).\n- drm/vmwgfx: Use kref in vmw_bo_dirty (stable-fixes).\n- drm/xe/bo: Don\u0027t include the CCS metadata in the dma-buf sg-table (git-fixes).\n- drm/xe/oa: Disallow 0 OA property values (git-fixes).\n- drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() (git-fixes).\n- drm/xe/oa: Limit num_syncs to prevent oversized allocations (git-fixes).\n- drm/xe: Adjust long-running workload timeslices to reasonable values (git-fixes).\n- drm/xe: Drop preempt-fences when destroying imported dma-bufs (git-fixes).\n- drm/xe: Fix conversion from clock ticks to milliseconds (git-fixes).\n- drm/xe: Limit num_syncs to prevent oversized allocations (git-fixes).\n- drm/xe: Prevent BIT() overflow when handling invalid prefetch region (git-fixes).\n- drm/xe: Restore engine registers before restarting schedulers after GT reset (git-fixes).\n- drm/xe: Use usleep_range for accurate long-running workload timeslicing (git-fixes).\n- drm: atmel-hlcdc: fix atmel_xlcdc_plane_setup_scaler() (git-fixes).\n- drm: nouveau: Replace sprintf() with sysfs_emit() (git-fixes).\n- drm: sti: fix device leaks at component probe (git-fixes).\n- efi/libstub: Avoid physical address 0x0 when doing random allocation (stable-fixes).\n- efi/libstub: Describe missing \u0027out\u0027 parameter in efi_load_initrd (git-fixes).\n- efi/libstub: Fix page table access in 5-level to 4-level paging transition (git-fixes).\n- efi: stmm: Fix incorrect buffer allocation method (git-fixes).\n- efi: stmm: fix kernel-doc \u0027bad line\u0027 warnings (git-fixes).\n- exfat: add a check for invalid data size (git-fixes).\n- exfat: using hweight instead of internal logic (git-fixes).\n- ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378).\n- ext4: wait for ongoing I/O to complete before freeing blocks (bsc#1256366).\n- fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes).\n- fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing (git-fixes).\n- fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() (git-fixes).\n- fbdev: tcx.c fix mem_map to correct smem_start offset (git-fixes).\n- firewire: nosy: Fix dma_free_coherent() size (git-fixes).\n- firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes).\n- firmware: imx: scu-irq: fix OF node leak in (git-fixes).\n- firmware: stratix10-svc: Add mutex in stratix10 memory management (git-fixes).\n- firmware: stratix10-svc: fix bug in saving controller data (git-fixes).\n- firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc (git-fixes).\n- fs: dlm: allow to F_SETLKW getting interrupted (bsc#1255025).\n- ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (git-fixes).\n- genalloc.h: fix htmldocs warning (git-fixes).\n- gpio: rockchip: mark the GPIO controller as sleeping (git-fixes).\n- gpu: host1x: Fix race in syncpt alloc/free (git-fixes).\n- hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes).\n- hwmon: (max16065) Use local variable to avoid TOCTOU (git-fixes).\n- hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes).\n- hwmon: (w83791d) Convert macros to functions to avoid TOCTOU (git-fixes).\n- hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU (git-fixes).\n- hwmon: sy7636a: Fix regulator_enable resource leak on error path (git-fixes).\n- i2c: amd-mp2: fix reference leak in MP2 PCI device (git-fixes).\n- i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes).\n- i2c: i2c.h: fix a bad kernel-doc line (git-fixes).\n- i3c: fix refcount inconsistency in i3c_master_register (git-fixes).\n- i3c: master: Inherit DMA masks and parameters from parent device (stable-fixes).\n- i3c: master: svc: Prevent incomplete IBI transaction (git-fixes).\n- idr: fix idr_alloc() returning an ID out of range (git-fixes).\n- iio: accel: bmc150: Fix irq assumption regression (stable-fixes).\n- iio: accel: fix ADXL355 startup race condition (git-fixes).\n- iio: adc: ad7280a: fix ad7280_store_balance_timer() (git-fixes).\n- iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes).\n- iio: core: Clean up device correctly on iio_device_alloc() failure (git-fixes).\n- iio: core: add missing mutex_destroy in iio_dev_release() (git-fixes).\n- iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member (git-fixes).\n- iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields (git-fixes).\n- iio: st_lsm6dsx: Fixed calibrated timestamp calculation (git-fixes).\n- ima: Handle error code returned by ima_filter_rule_match() (git-fixes).\n- intel_th: Fix error handling in intel_th_output_open (git-fixes).\n- ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes).\n- ipmi: Fix handling of messages with provided receive message pointer (git-fixes).\n- ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes).\n- ipmi: Rework user message limit handling (git-fixes).\n- irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() (git-fixes).\n- kconfig/mconf: Initialize the default locale at startup (stable-fixes).\n- kconfig/nconf: Initialize the default locale at startup (stable-fixes).\n- leds: leds-lp50xx: Allow LED 0 to be added to module bank (git-fixes).\n- leds: leds-lp50xx: Enable chip before any communication (git-fixes).\n- leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs (git-fixes).\n- leds: netxbig: Fix GPIO descriptor leak in error paths (git-fixes).\n- lib/vsprintf: Check pointer before dereferencing in time_and_date() (git-fixes).\n- mailbox: mailbox-test: Fix debugfs_create_dir error checking (git-fixes).\n- media: TDA1997x: Remove redundant cancel_delayed_work in probe (git-fixes).\n- media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() (git-fixes).\n- media: amphion: Add a frame flush mode for decoder (stable-fixes).\n- media: amphion: Cancel message work before releasing the VPU core (git-fixes).\n- media: amphion: Make some vpu_v4l2 functions static (stable-fixes).\n- media: amphion: Remove vpu_vb_is_codecconfig (git-fixes).\n- media: atomisp: Prefix firmware paths with \u0027intel/ipu/\u0027 (bsc#1252973).\n- media: atomisp: Remove firmware_name module parameter (bsc#1252973).\n- media: cec: Fix debugfs leak on bus_register() failure (git-fixes).\n- media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() (git-fixes).\n- media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe (git-fixes).\n- media: i2c: adv7842: Remove redundant cancel_delayed_work in probe (git-fixes).\n- media: imx-mipi-csis: Drop extra clock enable at probe() (git-fixes).\n- media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() (git-fixes).\n- media: nxp: imx8-isi: Mark all crossbar sink pads as MUST_CONNECT (stable-fixes).\n- media: ov5640: fix vblank unchange issue when work at dvp mode (git-fixes).\n- media: pci: ivtv: Don\u0027t create fake v4l2_fh (stable-fixes).\n- media: pvrusb2: Fix incorrect variable used in trace message (git-fixes).\n- media: qcom: camss: Fix genpd cleanup (git-fixes).\n- media: qcom: camss: Fix ordering of pm_runtime_enable (git-fixes).\n- media: qcom: camss: cleanup media device allocated resource on error path (git-fixes).\n- media: qcom: venus: fix incorrect return value (stable-fixes).\n- media: radio-isa: use dev_name to fill in bus_info (stable-fixes).\n- media: rc: st_rc: Fix reset control resource leak (git-fixes).\n- media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled (git-fixes).\n- media: s5p-mfc: Fix potential deadlock on condlock (stable-fixes).\n- media: samsung: exynos4-is: fix potential ABBA deadlock on init (git-fixes).\n- media: uvcvideo: Force UVC version to 1.0a for 0408:4033 (stable-fixes).\n- media: v4l2-mem2mem: Fix outdated documentation (git-fixes).\n- media: verisilicon: Fix CPU stalls on G2 bus error (git-fixes).\n- media: verisilicon: Protect G2 HEVC decoder against invalid DPB index (git-fixes).\n- media: verisilicon: Store chroma and motion vectors offset (stable-fixes).\n- media: verisilicon: g2: Use common helpers to compute chroma and mv offsets (stable-fixes).\n- media: videobuf2: Fix device reference leak in vb2_dc_alloc error path (git-fixes).\n- media: vidtv: initialize local pointers upon transfer of memory ownership (git-fixes).\n- media: vpif_capture: fix section mismatch (git-fixes).\n- media: vpif_display: fix section mismatch (git-fixes).\n- mei: gsc: add dependency on Xe driver (git-fixes).\n- mei: me: add wildcat lake P DID (stable-fixes).\n- mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup (git-fixes).\n- mfd: da9055: Fix missing regmap_del_irq_chip() in error path (git-fixes).\n- mfd: max77620: Fix potential IRQ chip conflict when probing two devices (git-fixes).\n- mfd: mt6358-irq: Fix missing irq_domain_remove() in error path (git-fixes).\n- mfd: mt6397-irq: Fix missing irq_domain_remove() in error path (git-fixes).\n- mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes).\n- mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes).\n- most: usb: fix double free on late probe failure (git-fixes).\n- mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() (git-fixes).\n- mtd: lpddr_cmds: fix signed shifts in lpddr_cmds (git-fixes).\n- mtd: maps: pcmciamtd: fix potential memory leak in pcmciamtd_detach() (git-fixes).\n- mtd: nand: relax ECC parameter validation check (git-fixes).\n- mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe error and remove (git-fixes).\n- mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors (git-fixes).\n- net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes).\n- net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes).\n- net: phy: adin1100: Fix software power-down ready condition (git-fixes).\n- net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY (git-fixes).\n- net: phy: mxl-gpy: fix link properties on USXGMII and internal PHYs (git-fixes).\n- net: r8169: Disable multicast filter for RTL8168H and RTL8107E (jsc#PED-14353).\n- net: rose: fix invalid array index in rose_kill_by_device() (git-fixes).\n- net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes).\n- net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes).\n- net: usb: sr9700: fix incorrect command used to write single register (git-fixes).\n- net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes).\n- netdevsim: print human readable IP address (bsc#1255071).\n- nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes).\n- nfsd: do not defer requests during idmap lookup in v4 compound decode (bsc#1232223).\n- nfsd: fix return error codes for nfsd_map_name_to_id (bsc#1232223).\n- nvme: Use non zero KATO for persistent discovery connections (git-fixes).\n- orangefs: fix xattr related buffer overflow.. (git-fixes).\n- perf list: Add IBM z17 event descriptions (jsc#PED-13611).\n- perf/x86/intel: Fix KASAN global-out-of-bounds warning (git-fixes).\n- phy: broadcom: bcm63xx-usbh: fix section mismatches (git-fixes).\n- phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() (git-fixes).\n- pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes).\n- pinctrl: qcom: msm: Fix deadlock in pinmux configuration (stable-fixes).\n- pinctrl: single: Fix PIN_CONFIG_BIAS_DISABLE handling (stable-fixes).\n- pinctrl: single: Fix incorrect type for error return variable (git-fixes).\n- pinctrl: stm32: fix hwspinlock resource leak in probe function (git-fixes).\n- platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver (git-fixes).\n- platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes).\n- platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally (stable-fixes).\n- platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list (stable-fixes).\n- platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes).\n- platform/x86: acer-wmi: Ignore backlight event (stable-fixes).\n- platform/x86: asus-wmi: use brightness_set_blocking() for kbd led (git-fixes).\n- platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (git-fixes).\n- platform/x86: huawei-wmi: add keys for HONOR models (stable-fixes).\n- platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes).\n- platform/x86: intel: chtwc_int33fe: don\u0027t dereference swnode args (git-fixes).\n- platform/x86: intel: punit_ipc: fix memory corruption (git-fixes).\n- platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes).\n- power: supply: apm_power: only unset own apm_get_power_status (git-fixes).\n- power: supply: cw2015: Check devm_delayed_work_autocancel() return code (git-fixes).\n- power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() (git-fixes).\n- power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() (git-fixes).\n- power: supply: wm831x: Check wm831x_set_bits() return value (git-fixes).\n- powerpc/64s/slb: Fix SLB multihit issue during SLB preload (bac#1236022 ltc#211187).\n- powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029).\n- powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496).\n- pwm: bcm2835: Make sure the channel is enabled after pwm_request() (git-fixes).\n- r8169: Fix spelling mistake: \u0027tx_underun\u0027 -\u003e \u0027tx_underrun\u0027 (jsc#PED-14353).\n- r8169: Use PCI_IRQ_INTX instead of PCI_IRQ_LEGACY (jsc#PED-14353).\n- r8169: add MODULE_FIRMWARE entry for RTL8126A (jsc#PED-14353).\n- r8169: add PHY c45 ops for MDIO_MMD_VENDOR2 registers (jsc#PED-14353).\n- r8169: add generic rtl_set_eee_txidle_timer function (jsc#PED-14353).\n- r8169: add missing MODULE_FIRMWARE entry for RTL8126A rev.b (jsc#PED-14353).\n- r8169: add support for Intel Killer E5000 (jsc#PED-14353).\n- r8169: add support for RTL8125BP rev.b (jsc#PED-14353).\n- r8169: add support for RTL8125D (jsc#PED-14353).\n- r8169: add support for RTL8125D rev.b (jsc#PED-14353).\n- r8169: add support for RTL8126A rev.b (jsc#PED-14353).\n- r8169: add support for RTL8168M (jsc#PED-14353).\n- r8169: add support for returning tx_lpi_timer in ethtool get_eee (jsc#PED-14353).\n- r8169: add support for the temperature sensor being available from RTL8125B (jsc#PED-14353).\n- r8169: adjust version numbering for RTL8126 (jsc#PED-14353).\n- r8169: align RTL8125 EEE config with vendor driver (jsc#PED-14353).\n- r8169: align RTL8125/RTL8126 PHY config with vendor driver (jsc#PED-14353).\n- r8169: align RTL8126 EEE config with vendor driver (jsc#PED-14353).\n- r8169: align WAKE_PHY handling with r8125/r8126 vendor drivers (jsc#PED-14353).\n- r8169: avoid duplicated messages if loading firmware fails and switch to warn level (jsc#PED-14353).\n- r8169: avoid unsolicited interrupts (jsc#PED-14353).\n- r8169: check for PCI read error in probe (jsc#PED-14353).\n- r8169: disable ALDPS per default for RTL8125 (jsc#PED-14353).\n- r8169: disable RTL8126 ZRX-DC timeout (jsc#PED-14353).\n- r8169: disable interrupt source RxOverflow (jsc#PED-14353).\n- r8169: don\u0027t apply UDP padding quirk on RTL8126A (jsc#PED-14353).\n- r8169: don\u0027t increment tx_dropped in case of NETDEV_TX_BUSY (jsc#PED-14353).\n- r8169: don\u0027t scan PHY addresses \u003e 0 (jsc#PED-14353).\n- r8169: don\u0027t take RTNL lock in rtl_task() (jsc#PED-14353).\n- r8169: enable EEE at 2.5G per default on RTL8125B (jsc#PED-14353).\n- r8169: enable RTL8168H/RTL8168EP/RTL8168FP ASPM support (jsc#PED-14353).\n- r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes).\n- r8169: fix inconsistent indenting in rtl8169_get_eth_mac_stats (jsc#PED-14353).\n- r8169: implement additional ethtool stats ops (jsc#PED-14353).\n- r8169: improve RTL8411b phy-down fixup (jsc#PED-14353).\n- r8169: improve __rtl8169_set_wol (jsc#PED-14353).\n- r8169: improve handling task scheduling (jsc#PED-14353).\n- r8169: improve initialization of RSS registers on RTL8125/RTL8126 (jsc#PED-14353).\n- r8169: improve rtl_set_d3_pll_down (jsc#PED-14353).\n- r8169: increase max jumbo packet size on RTL8125/RTL8126 (jsc#PED-14353).\n- r8169: remove detection of chip version 11 (early RTL8168b) (jsc#PED-14353).\n- r8169: remove leftover locks after reverted change (jsc#PED-14353).\n- r8169: remove multicast filter limit (jsc#PED-14353).\n- r8169: remove not needed check in rtl_fw_write_firmware (jsc#PED-14353).\n- r8169: remove original workaround for RTL8125 broken rx issue (jsc#PED-14353).\n- r8169: remove redundant hwmon support (jsc#PED-14353).\n- r8169: remove rtl_dash_loop_wait_high/low (jsc#PED-14353).\n- r8169: remove support for chip version 11 (jsc#PED-14353).\n- r8169: remove unused flag RTL_FLAG_TASK_RESET_NO_QUEUE_WAKE (jsc#PED-14353).\n- r8169: set EEE speed down ratio to 1 (stable-fixes).\n- r8169: simplify EEE handling (jsc#PED-14353).\n- r8169: simplify code by using core-provided pcpu stats allocation (jsc#PED-14353).\n- r8169: support setting the EEE tx idle timer on RTL8168h (jsc#PED-14353).\n- r8169: use dev_err_probe in all appropriate places in rtl_init_one() (jsc#PED-14353).\n- r8169: use helper r8169_mod_reg8_cond to simplify rtl_jumbo_config (jsc#PED-14353).\n- regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex (git-fixes).\n- regulator: core: disable supply if enabling main regulator fails (git-fixes).\n- reset: fix BIT macro reference (stable-fixes).\n- rpmsg: glink: fix rpmsg device leak (git-fixes).\n- rtc: gamecube: Check the return value of ioremap() (git-fixes).\n- scsi: lpfc: Add capability to register Platform Name ID to fabric (bsc#1254119).\n- scsi: lpfc: Allow support for BB credit recovery in point-to-point topology (bsc#1254119).\n- scsi: lpfc: Ensure unregistration of rpis for received PLOGIs (bsc#1254119).\n- scsi: lpfc: Fix leaked ndlp krefs when in point-to-point topology (bsc#1254119).\n- scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (bsc#1254119).\n- scsi: lpfc: Modify kref handling for Fabric Controller ndlps (bsc#1254119).\n- scsi: lpfc: Remove redundant NULL ptr assignment in lpfc_els_free_iocb() (bsc#1254119).\n- scsi: lpfc: Revise discovery related function headers and comments (bsc#1254119).\n- scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119).\n- scsi: lpfc: Update various NPIV diagnostic log messaging (bsc#1254119).\n- scsi: mpi3mr: Fix I/O failures during controller reset (bsc#1251752 jsc#PED-14280).\n- scsi: mpi3mr: Fix controller init failure on fault during queue creation (bsc#1251752 jsc#PED-14280).\n- scsi: mpi3mr: Fix device loss during enclosure reboot due to zero link speed (bsc#1251752 jsc#PED-14280).\n- scsi: mpi3mr: Fix premature TM timeouts on virtual drives (bsc#1251752 jsc#PED-14280).\n- scsi: mpi3mr: Update MPI headers to revision 37 (bsc#1251752 jsc#PED-14280).\n- scsi: mpi3mr: Update driver version to 8.14.0.5.50 (bsc#1251752 jsc#PED-14280).\n- scsi: mpi3mr: Update driver version to 8.15.0.5.50 (bsc#1251752 jsc#PED-14280).\n- selftests/bpf: Skip timer cases when bpf_timer is not supported (git-fixes).\n- selftests/net: calibrate txtimestamp (bsc#1255085).\n- selftests/net: convert fcnal-test.sh to run it in unique namespace (bsc#1254235).\n- selftests/net: convert fib-onlink-tests.sh to run it in unique namespace (bsc#1254235).\n- selftests/net: convert fib_nexthop_multiprefix to run it in unique namespace (bsc#1254235).\n- selftests/net: convert fib_nexthop_nongw.sh to run it in unique namespace (bsc#1254235).\n- selftests/net: convert fib_nexthops.sh to run it in unique namespace (bsc#1254235).\n- selftests/net: convert fib_rule_tests.sh to run it in unique namespace (bsc#1254235).\n- selftests/net: convert fib_tests.sh to run it in unique namespace (bsc#1254235).\n- selftests/net: convert srv6_end_dt46_l3vpn_test.sh to run it in unique namespace (bsc#1254235).\n- selftests/net: convert srv6_end_dt4_l3vpn_test.sh to run it in unique namespace (bsc#1254235).\n- selftests/net: convert srv6_end_dt6_l3vpn_test.sh to run it in unique namespace (bsc#1254235).\n- selftests/net: convert test_vxlan_vnifiltering.sh to run it in unique namespace (bsc#1255349).\n- selftests/net: convert vrf_route_leaking.sh to run it in unique namespace (bsc#1255349).\n- selftests/net: synchronize udpgro tests\u0027 tx and rx connection (bsc#1254235).\n- selftests: Introduce Makefile variable to list shared bash scripts (bsc#1254235).\n- selftests: bonding: Add net/forwarding/lib.sh to TEST_INCLUDES (bsc#1254235).\n- selftests: dsa: Replace test symlinks by wrapper script (bsc#1254235).\n- selftests: net: Remove executable bits from library scripts (bsc#1254235).\n- selftests: net: explicitly wait for listener ready (bsc#1254235).\n- selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346).\n- selftests: net: include forwarding lib (bsc#1254235).\n- selftests: net: included needed helper in the install targets (bsc#1254235).\n- selftests: net: more strict check in net_helper (bsc#1254235).\n- selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349).\n- selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349).\n- selftests: net: veth: test the ability to independently manipulate GRO and XDP (bsc#1255101).\n- selftests: team: Add shared library scripts to TEST_INCLUDES (bsc#1254235).\n- selftests: vrf_route_leaking: remove ipv6_ping_frag from default testing (bsc#1255349).\n- serial: add support of CPCI cards (stable-fixes).\n- serial: amba-pl011: prefer dma_mapping_error() over explicit address checking (git-fixes).\n- serial: core: Fix serial device initialization (git-fixes).\n- serial: core: Restore sysfs fwnode information (git-fixes).\n- serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes).\n- slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves (git-fixes).\n- smc91x: fix broken irq-context in PREEMPT_RT (git-fixes).\n- soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes).\n- soc: amlogic: canvas: fix device leak on lookup (git-fixes).\n- soc: qcom: ocmem: fix device leak on lookup (git-fixes).\n- soc: qcom: smem: fix hwspinlock resource leak in probe error paths (git-fixes).\n- spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors (git-fixes).\n- spi: bcm63xx: drop wrong casts in probe() (git-fixes).\n- spi: bcm63xx: fix premature CS deassertion on RX-only transactions (git-fixes).\n- spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes).\n- spi: imx: keep dma request disabled before dma transfer setup (stable-fixes).\n- spi: tegra210-qspi: Remove cache operations (git-fixes).\n- spi: tegra210-quad: Add support for internal DMA (git-fixes).\n- spi: tegra210-quad: Check hardware status on timeout (bsc#1253155).\n- spi: tegra210-quad: Fix timeout handling (bsc#1253155).\n- spi: tegra210-quad: Fix timeout handling (git-fixes).\n- spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155).\n- spi: tegra210-quad: Update dummy sequence configuration (git-fixes).\n- spi: xilinx: increase number of retries before declaring stall (stable-fixes).\n- staging: fbtft: core: fix potential memory leak in fbtft_probe_common() (git-fixes).\n- staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing (stable-fixes).\n- staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser (stable-fixes).\n- thunderbolt: Add support for Intel Wildcat Lake (stable-fixes).\n- tick/sched: Limit non-timekeeper CPUs calling jiffies update (bsc#1254477).\n- tracing: Fix access to trace_event_file (bsc#1254373).\n- uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe (git-fixes).\n- usb: cdns3: Fix double resource release in cdns3_pci_probe (git-fixes).\n- usb: chaoskey: fix locking for O_NONBLOCK (git-fixes).\n- usb: chipidea: udc: limit usb request length to max 16KB (stable-fixes).\n- usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes).\n- usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes).\n- usb: dwc2: fix hang during suspend if set as peripheral (git-fixes).\n- usb: dwc3: Abort suspend on soft disconnect failure (git-fixes).\n- usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths (git-fixes).\n- usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes).\n- usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes).\n- usb: dwc3: pci: Sort out the Intel device IDs (stable-fixes).\n- usb: dwc3: pci: add support for the Intel Nova Lake -S (stable-fixes).\n- usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes).\n- usb: gadget: f_eem: Fix memory leak in eem_unwrap (git-fixes).\n- usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes).\n- usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors (git-fixes).\n- usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt (git-fixes).\n- usb: ohci-nxp: Use helper function devm_clk_get_enabled() (stable-fixes).\n- usb: ohci-nxp: fix device leak on probe failure (git-fixes).\n- usb: phy: Initialize struct usb_phy list_head (git-fixes).\n- usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes).\n- usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE (git-fixes).\n- usb: raw-gadget: do not limit transfer length (git-fixes).\n- usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes).\n- usb: storage: Fix memory leak in USB bulk transport (git-fixes).\n- usb: storage: sddr55: Reject out-of-bound new_pba (stable-fixes).\n- usb: typec: tipd: Clear interrupts first (git-fixes).\n- usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes).\n- usb: typec: ucsi: psy: Set max current to zero when disconnected (git-fixes).\n- usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer (git-fixes).\n- usb: udc: Add trace event for usb_gadget_set_state (stable-fixes).\n- usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes).\n- usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes).\n- usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes).\n- usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes).\n- usbip: Fix locking bug in RT-enabled kernels (stable-fixes).\n- via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes).\n- virtio_console: fix order of fields cols and rows (stable-fixes).\n- watchdog: wdat_wdt: Fix ACPI table leak in probe function (git-fixes).\n- wifi: ath10k: Add missing include of export.h (stable-fixes).\n- wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes).\n- wifi: ath10k: move recovery check logic into a new work (git-fixes).\n- wifi: ath11k: fix peer HE MCS assignment (git-fixes).\n- wifi: ath11k: restore register window after global reset (git-fixes).\n- wifi: ath12k: fix potential memory leak in ath12k_wow_arp_ns_offload() (git-fixes).\n- wifi: avoid kernel-infoleak from struct iw_point (git-fixes).\n- wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes).\n- wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes).\n- wifi: cfg80211: stop radar detection in cfg80211_leave() (stable-fixes).\n- wifi: cfg80211: use cfg80211_leave() in iftype change (stable-fixes).\n- wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() (git-fixes).\n- wifi: ieee80211: correct FILS status codes (git-fixes).\n- wifi: mac80211: do not use old MBSSID elements (git-fixes).\n- wifi: mac80211: fix CMAC functions not handling errors (git-fixes).\n- wifi: mac80211: restore non-chanctx injection behaviour (git-fixes).\n- wifi: mt76: Fix DTS power-limits on little endian systems (git-fixes).\n- wifi: mt76: mt7925: fix CLC command timeout when suspend/resume (stable-fixes).\n- wifi: mt76: mt7925: fix the unfinished command of regd_notifier before suspend (stable-fixes).\n- wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (stable-fixes).\n- wifi: nl80211: vendor-cmd: intel: fix a blank kernel-doc line warning (git-fixes).\n- wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() (git-fixes).\n- wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() (git-fixes).\n- wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes).\n- wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1 (stable-fixes).\n- wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes).\n- x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() (git-fixes).\n- x86/microcode/AMD: Add TSA microcode SHAs (bsc#1256528).\n- x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev (bsc#1256528).\n- x86/microcode/AMD: Add more known models to entry sign checking (bsc#1256528).\n- x86/microcode/AMD: Add some forgotten models to the SHA check (bsc#1256528).\n- x86/microcode/AMD: Clean the cache if update did not load microcode (bsc#1256528).\n- x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (bsc#1256528).\n- x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256528).\n- x86/microcode/AMD: Fix __apply_microcode_amd()\u0027s return value (bsc#1256528).\n- x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1256528).\n- x86/microcode/AMD: Load only SHA256-checksummed patches (bsc#1256528).\n- x86/microcode/AMD: Select which microcode patch to load (bsc#1256528).\n- x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256528).\n- x86/microcode: Fix Entrysign revision check for Zen1/Naples (bsc#1256528).\n- xhci: dbgtty: fix device unregister (git-fixes).\n- xhci: fix stale flag preventig URBs after link state error is cleared (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-278,SUSE-SLE-Module-Live-Patching-15-SP7-2026-278,SUSE-SLE-Module-RT-15-SP7-2026-278",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0278-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0278-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260278-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0278-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023906.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1194869",
"url": "https://bugzilla.suse.com/1194869"
},
{
"category": "self",
"summary": "SUSE Bug 1205462",
"url": "https://bugzilla.suse.com/1205462"
},
{
"category": "self",
"summary": "SUSE Bug 1214285",
"url": "https://bugzilla.suse.com/1214285"
},
{
"category": "self",
"summary": "SUSE Bug 1214635",
"url": "https://bugzilla.suse.com/1214635"
},
{
"category": "self",
"summary": "SUSE Bug 1214847",
"url": "https://bugzilla.suse.com/1214847"
},
{
"category": "self",
"summary": "SUSE Bug 1215146",
"url": "https://bugzilla.suse.com/1215146"
},
{
"category": "self",
"summary": "SUSE Bug 1215211",
"url": "https://bugzilla.suse.com/1215211"
},
{
"category": "self",
"summary": "SUSE Bug 1215344",
"url": "https://bugzilla.suse.com/1215344"
},
{
"category": "self",
"summary": "SUSE Bug 1216062",
"url": "https://bugzilla.suse.com/1216062"
},
{
"category": "self",
"summary": "SUSE Bug 1216436",
"url": "https://bugzilla.suse.com/1216436"
},
{
"category": "self",
"summary": "SUSE Bug 1219165",
"url": "https://bugzilla.suse.com/1219165"
},
{
"category": "self",
"summary": "SUSE Bug 1220419",
"url": "https://bugzilla.suse.com/1220419"
},
{
"category": "self",
"summary": "SUSE Bug 1223731",
"url": "https://bugzilla.suse.com/1223731"
},
{
"category": "self",
"summary": "SUSE Bug 1232223",
"url": "https://bugzilla.suse.com/1232223"
},
{
"category": "self",
"summary": "SUSE Bug 1234163",
"url": "https://bugzilla.suse.com/1234163"
},
{
"category": "self",
"summary": "SUSE Bug 1243112",
"url": "https://bugzilla.suse.com/1243112"
},
{
"category": "self",
"summary": "SUSE Bug 1245193",
"url": "https://bugzilla.suse.com/1245193"
},
{
"category": "self",
"summary": "SUSE Bug 1245449",
"url": "https://bugzilla.suse.com/1245449"
},
{
"category": "self",
"summary": "SUSE Bug 1246328",
"url": "https://bugzilla.suse.com/1246328"
},
{
"category": "self",
"summary": "SUSE Bug 1247500",
"url": "https://bugzilla.suse.com/1247500"
},
{
"category": "self",
"summary": "SUSE Bug 1248886",
"url": "https://bugzilla.suse.com/1248886"
},
{
"category": "self",
"summary": "SUSE Bug 1249256",
"url": "https://bugzilla.suse.com/1249256"
},
{
"category": "self",
"summary": "SUSE Bug 1251752",
"url": "https://bugzilla.suse.com/1251752"
},
{
"category": "self",
"summary": "SUSE Bug 1252046",
"url": "https://bugzilla.suse.com/1252046"
},
{
"category": "self",
"summary": "SUSE Bug 1252342",
"url": "https://bugzilla.suse.com/1252342"
},
{
"category": "self",
"summary": "SUSE Bug 1252686",
"url": "https://bugzilla.suse.com/1252686"
},
{
"category": "self",
"summary": "SUSE Bug 1252776",
"url": "https://bugzilla.suse.com/1252776"
},
{
"category": "self",
"summary": "SUSE Bug 1252808",
"url": "https://bugzilla.suse.com/1252808"
},
{
"category": "self",
"summary": "SUSE Bug 1252824",
"url": "https://bugzilla.suse.com/1252824"
},
{
"category": "self",
"summary": "SUSE Bug 1252861",
"url": "https://bugzilla.suse.com/1252861"
},
{
"category": "self",
"summary": "SUSE Bug 1252919",
"url": "https://bugzilla.suse.com/1252919"
},
{
"category": "self",
"summary": "SUSE Bug 1252973",
"url": "https://bugzilla.suse.com/1252973"
},
{
"category": "self",
"summary": "SUSE Bug 1253155",
"url": "https://bugzilla.suse.com/1253155"
},
{
"category": "self",
"summary": "SUSE Bug 1253262",
"url": "https://bugzilla.suse.com/1253262"
},
{
"category": "self",
"summary": "SUSE Bug 1253342",
"url": "https://bugzilla.suse.com/1253342"
},
{
"category": "self",
"summary": "SUSE Bug 1253365",
"url": "https://bugzilla.suse.com/1253365"
},
{
"category": "self",
"summary": "SUSE Bug 1253386",
"url": "https://bugzilla.suse.com/1253386"
},
{
"category": "self",
"summary": "SUSE Bug 1253400",
"url": "https://bugzilla.suse.com/1253400"
},
{
"category": "self",
"summary": "SUSE Bug 1253402",
"url": "https://bugzilla.suse.com/1253402"
},
{
"category": "self",
"summary": "SUSE Bug 1253408",
"url": "https://bugzilla.suse.com/1253408"
},
{
"category": "self",
"summary": "SUSE Bug 1253413",
"url": "https://bugzilla.suse.com/1253413"
},
{
"category": "self",
"summary": "SUSE Bug 1253442",
"url": "https://bugzilla.suse.com/1253442"
},
{
"category": "self",
"summary": "SUSE Bug 1253458",
"url": "https://bugzilla.suse.com/1253458"
},
{
"category": "self",
"summary": "SUSE Bug 1253463",
"url": "https://bugzilla.suse.com/1253463"
},
{
"category": "self",
"summary": "SUSE Bug 1253623",
"url": "https://bugzilla.suse.com/1253623"
},
{
"category": "self",
"summary": "SUSE Bug 1253647",
"url": "https://bugzilla.suse.com/1253647"
},
{
"category": "self",
"summary": "SUSE Bug 1253674",
"url": "https://bugzilla.suse.com/1253674"
},
{
"category": "self",
"summary": "SUSE Bug 1253739",
"url": "https://bugzilla.suse.com/1253739"
},
{
"category": "self",
"summary": "SUSE Bug 1254119",
"url": "https://bugzilla.suse.com/1254119"
},
{
"category": "self",
"summary": "SUSE Bug 1254126",
"url": "https://bugzilla.suse.com/1254126"
},
{
"category": "self",
"summary": "SUSE Bug 1254235",
"url": "https://bugzilla.suse.com/1254235"
},
{
"category": "self",
"summary": "SUSE Bug 1254244",
"url": "https://bugzilla.suse.com/1254244"
},
{
"category": "self",
"summary": "SUSE Bug 1254363",
"url": "https://bugzilla.suse.com/1254363"
},
{
"category": "self",
"summary": "SUSE Bug 1254373",
"url": "https://bugzilla.suse.com/1254373"
},
{
"category": "self",
"summary": "SUSE Bug 1254378",
"url": "https://bugzilla.suse.com/1254378"
},
{
"category": "self",
"summary": "SUSE Bug 1254477",
"url": "https://bugzilla.suse.com/1254477"
},
{
"category": "self",
"summary": "SUSE Bug 1254518",
"url": "https://bugzilla.suse.com/1254518"
},
{
"category": "self",
"summary": "SUSE Bug 1254520",
"url": "https://bugzilla.suse.com/1254520"
},
{
"category": "self",
"summary": "SUSE Bug 1254599",
"url": "https://bugzilla.suse.com/1254599"
},
{
"category": "self",
"summary": "SUSE Bug 1254606",
"url": "https://bugzilla.suse.com/1254606"
},
{
"category": "self",
"summary": "SUSE Bug 1254611",
"url": "https://bugzilla.suse.com/1254611"
},
{
"category": "self",
"summary": "SUSE Bug 1254613",
"url": "https://bugzilla.suse.com/1254613"
},
{
"category": "self",
"summary": "SUSE Bug 1254615",
"url": "https://bugzilla.suse.com/1254615"
},
{
"category": "self",
"summary": "SUSE Bug 1254616",
"url": "https://bugzilla.suse.com/1254616"
},
{
"category": "self",
"summary": "SUSE Bug 1254621",
"url": "https://bugzilla.suse.com/1254621"
},
{
"category": "self",
"summary": "SUSE Bug 1254623",
"url": "https://bugzilla.suse.com/1254623"
},
{
"category": "self",
"summary": "SUSE Bug 1254626",
"url": "https://bugzilla.suse.com/1254626"
},
{
"category": "self",
"summary": "SUSE Bug 1254648",
"url": "https://bugzilla.suse.com/1254648"
},
{
"category": "self",
"summary": "SUSE Bug 1254649",
"url": "https://bugzilla.suse.com/1254649"
},
{
"category": "self",
"summary": "SUSE Bug 1254653",
"url": "https://bugzilla.suse.com/1254653"
},
{
"category": "self",
"summary": "SUSE Bug 1254655",
"url": "https://bugzilla.suse.com/1254655"
},
{
"category": "self",
"summary": "SUSE Bug 1254657",
"url": "https://bugzilla.suse.com/1254657"
},
{
"category": "self",
"summary": "SUSE Bug 1254660",
"url": "https://bugzilla.suse.com/1254660"
},
{
"category": "self",
"summary": "SUSE Bug 1254661",
"url": "https://bugzilla.suse.com/1254661"
},
{
"category": "self",
"summary": "SUSE Bug 1254663",
"url": "https://bugzilla.suse.com/1254663"
},
{
"category": "self",
"summary": "SUSE Bug 1254669",
"url": "https://bugzilla.suse.com/1254669"
},
{
"category": "self",
"summary": "SUSE Bug 1254677",
"url": "https://bugzilla.suse.com/1254677"
},
{
"category": "self",
"summary": "SUSE Bug 1254678",
"url": "https://bugzilla.suse.com/1254678"
},
{
"category": "self",
"summary": "SUSE Bug 1254688",
"url": "https://bugzilla.suse.com/1254688"
},
{
"category": "self",
"summary": "SUSE Bug 1254690",
"url": "https://bugzilla.suse.com/1254690"
},
{
"category": "self",
"summary": "SUSE Bug 1254691",
"url": "https://bugzilla.suse.com/1254691"
},
{
"category": "self",
"summary": "SUSE Bug 1254693",
"url": "https://bugzilla.suse.com/1254693"
},
{
"category": "self",
"summary": "SUSE Bug 1254695",
"url": "https://bugzilla.suse.com/1254695"
},
{
"category": "self",
"summary": "SUSE Bug 1254698",
"url": "https://bugzilla.suse.com/1254698"
},
{
"category": "self",
"summary": "SUSE Bug 1254701",
"url": "https://bugzilla.suse.com/1254701"
},
{
"category": "self",
"summary": "SUSE Bug 1254704",
"url": "https://bugzilla.suse.com/1254704"
},
{
"category": "self",
"summary": "SUSE Bug 1254705",
"url": "https://bugzilla.suse.com/1254705"
},
{
"category": "self",
"summary": "SUSE Bug 1254707",
"url": "https://bugzilla.suse.com/1254707"
},
{
"category": "self",
"summary": "SUSE Bug 1254712",
"url": "https://bugzilla.suse.com/1254712"
},
{
"category": "self",
"summary": "SUSE Bug 1254715",
"url": "https://bugzilla.suse.com/1254715"
},
{
"category": "self",
"summary": "SUSE Bug 1254717",
"url": "https://bugzilla.suse.com/1254717"
},
{
"category": "self",
"summary": "SUSE Bug 1254723",
"url": "https://bugzilla.suse.com/1254723"
},
{
"category": "self",
"summary": "SUSE Bug 1254724",
"url": "https://bugzilla.suse.com/1254724"
},
{
"category": "self",
"summary": "SUSE Bug 1254732",
"url": "https://bugzilla.suse.com/1254732"
},
{
"category": "self",
"summary": "SUSE Bug 1254733",
"url": "https://bugzilla.suse.com/1254733"
},
{
"category": "self",
"summary": "SUSE Bug 1254737",
"url": "https://bugzilla.suse.com/1254737"
},
{
"category": "self",
"summary": "SUSE Bug 1254739",
"url": "https://bugzilla.suse.com/1254739"
},
{
"category": "self",
"summary": "SUSE Bug 1254742",
"url": "https://bugzilla.suse.com/1254742"
},
{
"category": "self",
"summary": "SUSE Bug 1254743",
"url": "https://bugzilla.suse.com/1254743"
},
{
"category": "self",
"summary": "SUSE Bug 1254749",
"url": "https://bugzilla.suse.com/1254749"
},
{
"category": "self",
"summary": "SUSE Bug 1254750",
"url": "https://bugzilla.suse.com/1254750"
},
{
"category": "self",
"summary": "SUSE Bug 1254753",
"url": "https://bugzilla.suse.com/1254753"
},
{
"category": "self",
"summary": "SUSE Bug 1254754",
"url": "https://bugzilla.suse.com/1254754"
},
{
"category": "self",
"summary": "SUSE Bug 1254758",
"url": "https://bugzilla.suse.com/1254758"
},
{
"category": "self",
"summary": "SUSE Bug 1254761",
"url": "https://bugzilla.suse.com/1254761"
},
{
"category": "self",
"summary": "SUSE Bug 1254762",
"url": "https://bugzilla.suse.com/1254762"
},
{
"category": "self",
"summary": "SUSE Bug 1254765",
"url": "https://bugzilla.suse.com/1254765"
},
{
"category": "self",
"summary": "SUSE Bug 1254782",
"url": "https://bugzilla.suse.com/1254782"
},
{
"category": "self",
"summary": "SUSE Bug 1254791",
"url": "https://bugzilla.suse.com/1254791"
},
{
"category": "self",
"summary": "SUSE Bug 1254793",
"url": "https://bugzilla.suse.com/1254793"
},
{
"category": "self",
"summary": "SUSE Bug 1254794",
"url": "https://bugzilla.suse.com/1254794"
},
{
"category": "self",
"summary": "SUSE Bug 1254795",
"url": "https://bugzilla.suse.com/1254795"
},
{
"category": "self",
"summary": "SUSE Bug 1254796",
"url": "https://bugzilla.suse.com/1254796"
},
{
"category": "self",
"summary": "SUSE Bug 1254797",
"url": "https://bugzilla.suse.com/1254797"
},
{
"category": "self",
"summary": "SUSE Bug 1254798",
"url": "https://bugzilla.suse.com/1254798"
},
{
"category": "self",
"summary": "SUSE Bug 1254813",
"url": "https://bugzilla.suse.com/1254813"
},
{
"category": "self",
"summary": "SUSE Bug 1254815",
"url": "https://bugzilla.suse.com/1254815"
},
{
"category": "self",
"summary": "SUSE Bug 1254824",
"url": "https://bugzilla.suse.com/1254824"
},
{
"category": "self",
"summary": "SUSE Bug 1254825",
"url": "https://bugzilla.suse.com/1254825"
},
{
"category": "self",
"summary": "SUSE Bug 1254827",
"url": "https://bugzilla.suse.com/1254827"
},
{
"category": "self",
"summary": "SUSE Bug 1254828",
"url": "https://bugzilla.suse.com/1254828"
},
{
"category": "self",
"summary": "SUSE Bug 1254829",
"url": "https://bugzilla.suse.com/1254829"
},
{
"category": "self",
"summary": "SUSE Bug 1254830",
"url": "https://bugzilla.suse.com/1254830"
},
{
"category": "self",
"summary": "SUSE Bug 1254832",
"url": "https://bugzilla.suse.com/1254832"
},
{
"category": "self",
"summary": "SUSE Bug 1254840",
"url": "https://bugzilla.suse.com/1254840"
},
{
"category": "self",
"summary": "SUSE Bug 1254843",
"url": "https://bugzilla.suse.com/1254843"
},
{
"category": "self",
"summary": "SUSE Bug 1254846",
"url": "https://bugzilla.suse.com/1254846"
},
{
"category": "self",
"summary": "SUSE Bug 1254847",
"url": "https://bugzilla.suse.com/1254847"
},
{
"category": "self",
"summary": "SUSE Bug 1254849",
"url": "https://bugzilla.suse.com/1254849"
},
{
"category": "self",
"summary": "SUSE Bug 1254850",
"url": "https://bugzilla.suse.com/1254850"
},
{
"category": "self",
"summary": "SUSE Bug 1254851",
"url": "https://bugzilla.suse.com/1254851"
},
{
"category": "self",
"summary": "SUSE Bug 1254854",
"url": "https://bugzilla.suse.com/1254854"
},
{
"category": "self",
"summary": "SUSE Bug 1254856",
"url": "https://bugzilla.suse.com/1254856"
},
{
"category": "self",
"summary": "SUSE Bug 1254858",
"url": "https://bugzilla.suse.com/1254858"
},
{
"category": "self",
"summary": "SUSE Bug 1254860",
"url": "https://bugzilla.suse.com/1254860"
},
{
"category": "self",
"summary": "SUSE Bug 1254864",
"url": "https://bugzilla.suse.com/1254864"
},
{
"category": "self",
"summary": "SUSE Bug 1254869",
"url": "https://bugzilla.suse.com/1254869"
},
{
"category": "self",
"summary": "SUSE Bug 1254894",
"url": "https://bugzilla.suse.com/1254894"
},
{
"category": "self",
"summary": "SUSE Bug 1254918",
"url": "https://bugzilla.suse.com/1254918"
},
{
"category": "self",
"summary": "SUSE Bug 1254957",
"url": "https://bugzilla.suse.com/1254957"
},
{
"category": "self",
"summary": "SUSE Bug 1254959",
"url": "https://bugzilla.suse.com/1254959"
},
{
"category": "self",
"summary": "SUSE Bug 1254983",
"url": "https://bugzilla.suse.com/1254983"
},
{
"category": "self",
"summary": "SUSE Bug 1254996",
"url": "https://bugzilla.suse.com/1254996"
},
{
"category": "self",
"summary": "SUSE Bug 1255005",
"url": "https://bugzilla.suse.com/1255005"
},
{
"category": "self",
"summary": "SUSE Bug 1255009",
"url": "https://bugzilla.suse.com/1255009"
},
{
"category": "self",
"summary": "SUSE Bug 1255025",
"url": "https://bugzilla.suse.com/1255025"
},
{
"category": "self",
"summary": "SUSE Bug 1255026",
"url": "https://bugzilla.suse.com/1255026"
},
{
"category": "self",
"summary": "SUSE Bug 1255030",
"url": "https://bugzilla.suse.com/1255030"
},
{
"category": "self",
"summary": "SUSE Bug 1255033",
"url": "https://bugzilla.suse.com/1255033"
},
{
"category": "self",
"summary": "SUSE Bug 1255034",
"url": "https://bugzilla.suse.com/1255034"
},
{
"category": "self",
"summary": "SUSE Bug 1255035",
"url": "https://bugzilla.suse.com/1255035"
},
{
"category": "self",
"summary": "SUSE Bug 1255039",
"url": "https://bugzilla.suse.com/1255039"
},
{
"category": "self",
"summary": "SUSE Bug 1255041",
"url": "https://bugzilla.suse.com/1255041"
},
{
"category": "self",
"summary": "SUSE Bug 1255042",
"url": "https://bugzilla.suse.com/1255042"
},
{
"category": "self",
"summary": "SUSE Bug 1255046",
"url": "https://bugzilla.suse.com/1255046"
},
{
"category": "self",
"summary": "SUSE Bug 1255057",
"url": "https://bugzilla.suse.com/1255057"
},
{
"category": "self",
"summary": "SUSE Bug 1255062",
"url": "https://bugzilla.suse.com/1255062"
},
{
"category": "self",
"summary": "SUSE Bug 1255064",
"url": "https://bugzilla.suse.com/1255064"
},
{
"category": "self",
"summary": "SUSE Bug 1255065",
"url": "https://bugzilla.suse.com/1255065"
},
{
"category": "self",
"summary": "SUSE Bug 1255068",
"url": "https://bugzilla.suse.com/1255068"
},
{
"category": "self",
"summary": "SUSE Bug 1255071",
"url": "https://bugzilla.suse.com/1255071"
},
{
"category": "self",
"summary": "SUSE Bug 1255072",
"url": "https://bugzilla.suse.com/1255072"
},
{
"category": "self",
"summary": "SUSE Bug 1255075",
"url": "https://bugzilla.suse.com/1255075"
},
{
"category": "self",
"summary": "SUSE Bug 1255077",
"url": "https://bugzilla.suse.com/1255077"
},
{
"category": "self",
"summary": "SUSE Bug 1255081",
"url": "https://bugzilla.suse.com/1255081"
},
{
"category": "self",
"summary": "SUSE Bug 1255082",
"url": "https://bugzilla.suse.com/1255082"
},
{
"category": "self",
"summary": "SUSE Bug 1255083",
"url": "https://bugzilla.suse.com/1255083"
},
{
"category": "self",
"summary": "SUSE Bug 1255085",
"url": "https://bugzilla.suse.com/1255085"
},
{
"category": "self",
"summary": "SUSE Bug 1255087",
"url": "https://bugzilla.suse.com/1255087"
},
{
"category": "self",
"summary": "SUSE Bug 1255092",
"url": "https://bugzilla.suse.com/1255092"
},
{
"category": "self",
"summary": "SUSE Bug 1255094",
"url": "https://bugzilla.suse.com/1255094"
},
{
"category": "self",
"summary": "SUSE Bug 1255095",
"url": "https://bugzilla.suse.com/1255095"
},
{
"category": "self",
"summary": "SUSE Bug 1255097",
"url": "https://bugzilla.suse.com/1255097"
},
{
"category": "self",
"summary": "SUSE Bug 1255100",
"url": "https://bugzilla.suse.com/1255100"
},
{
"category": "self",
"summary": "SUSE Bug 1255101",
"url": "https://bugzilla.suse.com/1255101"
},
{
"category": "self",
"summary": "SUSE Bug 1255116",
"url": "https://bugzilla.suse.com/1255116"
},
{
"category": "self",
"summary": "SUSE Bug 1255121",
"url": "https://bugzilla.suse.com/1255121"
},
{
"category": "self",
"summary": "SUSE Bug 1255122",
"url": "https://bugzilla.suse.com/1255122"
},
{
"category": "self",
"summary": "SUSE Bug 1255124",
"url": "https://bugzilla.suse.com/1255124"
},
{
"category": "self",
"summary": "SUSE Bug 1255131",
"url": "https://bugzilla.suse.com/1255131"
},
{
"category": "self",
"summary": "SUSE Bug 1255134",
"url": "https://bugzilla.suse.com/1255134"
},
{
"category": "self",
"summary": "SUSE Bug 1255135",
"url": "https://bugzilla.suse.com/1255135"
},
{
"category": "self",
"summary": "SUSE Bug 1255136",
"url": "https://bugzilla.suse.com/1255136"
},
{
"category": "self",
"summary": "SUSE Bug 1255142",
"url": "https://bugzilla.suse.com/1255142"
},
{
"category": "self",
"summary": "SUSE Bug 1255145",
"url": "https://bugzilla.suse.com/1255145"
},
{
"category": "self",
"summary": "SUSE Bug 1255146",
"url": "https://bugzilla.suse.com/1255146"
},
{
"category": "self",
"summary": "SUSE Bug 1255149",
"url": "https://bugzilla.suse.com/1255149"
},
{
"category": "self",
"summary": "SUSE Bug 1255152",
"url": "https://bugzilla.suse.com/1255152"
},
{
"category": "self",
"summary": "SUSE Bug 1255154",
"url": "https://bugzilla.suse.com/1255154"
},
{
"category": "self",
"summary": "SUSE Bug 1255155",
"url": "https://bugzilla.suse.com/1255155"
},
{
"category": "self",
"summary": "SUSE Bug 1255163",
"url": "https://bugzilla.suse.com/1255163"
},
{
"category": "self",
"summary": "SUSE Bug 1255167",
"url": "https://bugzilla.suse.com/1255167"
},
{
"category": "self",
"summary": "SUSE Bug 1255169",
"url": "https://bugzilla.suse.com/1255169"
},
{
"category": "self",
"summary": "SUSE Bug 1255171",
"url": "https://bugzilla.suse.com/1255171"
},
{
"category": "self",
"summary": "SUSE Bug 1255175",
"url": "https://bugzilla.suse.com/1255175"
},
{
"category": "self",
"summary": "SUSE Bug 1255179",
"url": "https://bugzilla.suse.com/1255179"
},
{
"category": "self",
"summary": "SUSE Bug 1255181",
"url": "https://bugzilla.suse.com/1255181"
},
{
"category": "self",
"summary": "SUSE Bug 1255182",
"url": "https://bugzilla.suse.com/1255182"
},
{
"category": "self",
"summary": "SUSE Bug 1255187",
"url": "https://bugzilla.suse.com/1255187"
},
{
"category": "self",
"summary": "SUSE Bug 1255190",
"url": "https://bugzilla.suse.com/1255190"
},
{
"category": "self",
"summary": "SUSE Bug 1255193",
"url": "https://bugzilla.suse.com/1255193"
},
{
"category": "self",
"summary": "SUSE Bug 1255196",
"url": "https://bugzilla.suse.com/1255196"
},
{
"category": "self",
"summary": "SUSE Bug 1255197",
"url": "https://bugzilla.suse.com/1255197"
},
{
"category": "self",
"summary": "SUSE Bug 1255199",
"url": "https://bugzilla.suse.com/1255199"
},
{
"category": "self",
"summary": "SUSE Bug 1255202",
"url": "https://bugzilla.suse.com/1255202"
},
{
"category": "self",
"summary": "SUSE Bug 1255203",
"url": "https://bugzilla.suse.com/1255203"
},
{
"category": "self",
"summary": "SUSE Bug 1255206",
"url": "https://bugzilla.suse.com/1255206"
},
{
"category": "self",
"summary": "SUSE Bug 1255209",
"url": "https://bugzilla.suse.com/1255209"
},
{
"category": "self",
"summary": "SUSE Bug 1255218",
"url": "https://bugzilla.suse.com/1255218"
},
{
"category": "self",
"summary": "SUSE Bug 1255220",
"url": "https://bugzilla.suse.com/1255220"
},
{
"category": "self",
"summary": "SUSE Bug 1255221",
"url": "https://bugzilla.suse.com/1255221"
},
{
"category": "self",
"summary": "SUSE Bug 1255224",
"url": "https://bugzilla.suse.com/1255224"
},
{
"category": "self",
"summary": "SUSE Bug 1255227",
"url": "https://bugzilla.suse.com/1255227"
},
{
"category": "self",
"summary": "SUSE Bug 1255230",
"url": "https://bugzilla.suse.com/1255230"
},
{
"category": "self",
"summary": "SUSE Bug 1255233",
"url": "https://bugzilla.suse.com/1255233"
},
{
"category": "self",
"summary": "SUSE Bug 1255234",
"url": "https://bugzilla.suse.com/1255234"
},
{
"category": "self",
"summary": "SUSE Bug 1255242",
"url": "https://bugzilla.suse.com/1255242"
},
{
"category": "self",
"summary": "SUSE Bug 1255245",
"url": "https://bugzilla.suse.com/1255245"
},
{
"category": "self",
"summary": "SUSE Bug 1255246",
"url": "https://bugzilla.suse.com/1255246"
},
{
"category": "self",
"summary": "SUSE Bug 1255247",
"url": "https://bugzilla.suse.com/1255247"
},
{
"category": "self",
"summary": "SUSE Bug 1255251",
"url": "https://bugzilla.suse.com/1255251"
},
{
"category": "self",
"summary": "SUSE Bug 1255252",
"url": "https://bugzilla.suse.com/1255252"
},
{
"category": "self",
"summary": "SUSE Bug 1255253",
"url": "https://bugzilla.suse.com/1255253"
},
{
"category": "self",
"summary": "SUSE Bug 1255256",
"url": "https://bugzilla.suse.com/1255256"
},
{
"category": "self",
"summary": "SUSE Bug 1255259",
"url": "https://bugzilla.suse.com/1255259"
},
{
"category": "self",
"summary": "SUSE Bug 1255262",
"url": "https://bugzilla.suse.com/1255262"
},
{
"category": "self",
"summary": "SUSE Bug 1255272",
"url": "https://bugzilla.suse.com/1255272"
},
{
"category": "self",
"summary": "SUSE Bug 1255273",
"url": "https://bugzilla.suse.com/1255273"
},
{
"category": "self",
"summary": "SUSE Bug 1255274",
"url": "https://bugzilla.suse.com/1255274"
},
{
"category": "self",
"summary": "SUSE Bug 1255276",
"url": "https://bugzilla.suse.com/1255276"
},
{
"category": "self",
"summary": "SUSE Bug 1255279",
"url": "https://bugzilla.suse.com/1255279"
},
{
"category": "self",
"summary": "SUSE Bug 1255280",
"url": "https://bugzilla.suse.com/1255280"
},
{
"category": "self",
"summary": "SUSE Bug 1255281",
"url": "https://bugzilla.suse.com/1255281"
},
{
"category": "self",
"summary": "SUSE Bug 1255297",
"url": "https://bugzilla.suse.com/1255297"
},
{
"category": "self",
"summary": "SUSE Bug 1255316",
"url": "https://bugzilla.suse.com/1255316"
},
{
"category": "self",
"summary": "SUSE Bug 1255318",
"url": "https://bugzilla.suse.com/1255318"
},
{
"category": "self",
"summary": "SUSE Bug 1255325",
"url": "https://bugzilla.suse.com/1255325"
},
{
"category": "self",
"summary": "SUSE Bug 1255329",
"url": "https://bugzilla.suse.com/1255329"
},
{
"category": "self",
"summary": "SUSE Bug 1255346",
"url": "https://bugzilla.suse.com/1255346"
},
{
"category": "self",
"summary": "SUSE Bug 1255349",
"url": "https://bugzilla.suse.com/1255349"
},
{
"category": "self",
"summary": "SUSE Bug 1255351",
"url": "https://bugzilla.suse.com/1255351"
},
{
"category": "self",
"summary": "SUSE Bug 1255357",
"url": "https://bugzilla.suse.com/1255357"
},
{
"category": "self",
"summary": "SUSE Bug 1255380",
"url": "https://bugzilla.suse.com/1255380"
},
{
"category": "self",
"summary": "SUSE Bug 1255395",
"url": "https://bugzilla.suse.com/1255395"
},
{
"category": "self",
"summary": "SUSE Bug 1255415",
"url": "https://bugzilla.suse.com/1255415"
},
{
"category": "self",
"summary": "SUSE Bug 1255428",
"url": "https://bugzilla.suse.com/1255428"
},
{
"category": "self",
"summary": "SUSE Bug 1255433",
"url": "https://bugzilla.suse.com/1255433"
},
{
"category": "self",
"summary": "SUSE Bug 1255434",
"url": "https://bugzilla.suse.com/1255434"
},
{
"category": "self",
"summary": "SUSE Bug 1255463",
"url": "https://bugzilla.suse.com/1255463"
},
{
"category": "self",
"summary": "SUSE Bug 1255480",
"url": "https://bugzilla.suse.com/1255480"
},
{
"category": "self",
"summary": "SUSE Bug 1255483",
"url": "https://bugzilla.suse.com/1255483"
},
{
"category": "self",
"summary": "SUSE Bug 1255489",
"url": "https://bugzilla.suse.com/1255489"
},
{
"category": "self",
"summary": "SUSE Bug 1255493",
"url": "https://bugzilla.suse.com/1255493"
},
{
"category": "self",
"summary": "SUSE Bug 1255495",
"url": "https://bugzilla.suse.com/1255495"
},
{
"category": "self",
"summary": "SUSE Bug 1255505",
"url": "https://bugzilla.suse.com/1255505"
},
{
"category": "self",
"summary": "SUSE Bug 1255507",
"url": "https://bugzilla.suse.com/1255507"
},
{
"category": "self",
"summary": "SUSE Bug 1255538",
"url": "https://bugzilla.suse.com/1255538"
},
{
"category": "self",
"summary": "SUSE Bug 1255540",
"url": "https://bugzilla.suse.com/1255540"
},
{
"category": "self",
"summary": "SUSE Bug 1255545",
"url": "https://bugzilla.suse.com/1255545"
},
{
"category": "self",
"summary": "SUSE Bug 1255549",
"url": "https://bugzilla.suse.com/1255549"
},
{
"category": "self",
"summary": "SUSE Bug 1255550",
"url": "https://bugzilla.suse.com/1255550"
},
{
"category": "self",
"summary": "SUSE Bug 1255553",
"url": "https://bugzilla.suse.com/1255553"
},
{
"category": "self",
"summary": "SUSE Bug 1255557",
"url": "https://bugzilla.suse.com/1255557"
},
{
"category": "self",
"summary": "SUSE Bug 1255558",
"url": "https://bugzilla.suse.com/1255558"
},
{
"category": "self",
"summary": "SUSE Bug 1255563",
"url": "https://bugzilla.suse.com/1255563"
},
{
"category": "self",
"summary": "SUSE Bug 1255564",
"url": "https://bugzilla.suse.com/1255564"
},
{
"category": "self",
"summary": "SUSE Bug 1255567",
"url": "https://bugzilla.suse.com/1255567"
},
{
"category": "self",
"summary": "SUSE Bug 1255570",
"url": "https://bugzilla.suse.com/1255570"
},
{
"category": "self",
"summary": "SUSE Bug 1255578",
"url": "https://bugzilla.suse.com/1255578"
},
{
"category": "self",
"summary": "SUSE Bug 1255579",
"url": "https://bugzilla.suse.com/1255579"
},
{
"category": "self",
"summary": "SUSE Bug 1255580",
"url": "https://bugzilla.suse.com/1255580"
},
{
"category": "self",
"summary": "SUSE Bug 1255583",
"url": "https://bugzilla.suse.com/1255583"
},
{
"category": "self",
"summary": "SUSE Bug 1255591",
"url": "https://bugzilla.suse.com/1255591"
},
{
"category": "self",
"summary": "SUSE Bug 1255601",
"url": "https://bugzilla.suse.com/1255601"
},
{
"category": "self",
"summary": "SUSE Bug 1255603",
"url": "https://bugzilla.suse.com/1255603"
},
{
"category": "self",
"summary": "SUSE Bug 1255605",
"url": "https://bugzilla.suse.com/1255605"
},
{
"category": "self",
"summary": "SUSE Bug 1255611",
"url": "https://bugzilla.suse.com/1255611"
},
{
"category": "self",
"summary": "SUSE Bug 1255614",
"url": "https://bugzilla.suse.com/1255614"
},
{
"category": "self",
"summary": "SUSE Bug 1255616",
"url": "https://bugzilla.suse.com/1255616"
},
{
"category": "self",
"summary": "SUSE Bug 1255617",
"url": "https://bugzilla.suse.com/1255617"
},
{
"category": "self",
"summary": "SUSE Bug 1255618",
"url": "https://bugzilla.suse.com/1255618"
},
{
"category": "self",
"summary": "SUSE Bug 1255621",
"url": "https://bugzilla.suse.com/1255621"
},
{
"category": "self",
"summary": "SUSE Bug 1255628",
"url": "https://bugzilla.suse.com/1255628"
},
{
"category": "self",
"summary": "SUSE Bug 1255629",
"url": "https://bugzilla.suse.com/1255629"
},
{
"category": "self",
"summary": "SUSE Bug 1255630",
"url": "https://bugzilla.suse.com/1255630"
},
{
"category": "self",
"summary": "SUSE Bug 1255632",
"url": "https://bugzilla.suse.com/1255632"
},
{
"category": "self",
"summary": "SUSE Bug 1255636",
"url": "https://bugzilla.suse.com/1255636"
},
{
"category": "self",
"summary": "SUSE Bug 1255688",
"url": "https://bugzilla.suse.com/1255688"
},
{
"category": "self",
"summary": "SUSE Bug 1255691",
"url": "https://bugzilla.suse.com/1255691"
},
{
"category": "self",
"summary": "SUSE Bug 1255702",
"url": "https://bugzilla.suse.com/1255702"
},
{
"category": "self",
"summary": "SUSE Bug 1255704",
"url": "https://bugzilla.suse.com/1255704"
},
{
"category": "self",
"summary": "SUSE Bug 1255706",
"url": "https://bugzilla.suse.com/1255706"
},
{
"category": "self",
"summary": "SUSE Bug 1255707",
"url": "https://bugzilla.suse.com/1255707"
},
{
"category": "self",
"summary": "SUSE Bug 1255709",
"url": "https://bugzilla.suse.com/1255709"
},
{
"category": "self",
"summary": "SUSE Bug 1255722",
"url": "https://bugzilla.suse.com/1255722"
},
{
"category": "self",
"summary": "SUSE Bug 1255723",
"url": "https://bugzilla.suse.com/1255723"
},
{
"category": "self",
"summary": "SUSE Bug 1255724",
"url": "https://bugzilla.suse.com/1255724"
},
{
"category": "self",
"summary": "SUSE Bug 1255758",
"url": "https://bugzilla.suse.com/1255758"
},
{
"category": "self",
"summary": "SUSE Bug 1255759",
"url": "https://bugzilla.suse.com/1255759"
},
{
"category": "self",
"summary": "SUSE Bug 1255760",
"url": "https://bugzilla.suse.com/1255760"
},
{
"category": "self",
"summary": "SUSE Bug 1255763",
"url": "https://bugzilla.suse.com/1255763"
},
{
"category": "self",
"summary": "SUSE Bug 1255769",
"url": "https://bugzilla.suse.com/1255769"
},
{
"category": "self",
"summary": "SUSE Bug 1255770",
"url": "https://bugzilla.suse.com/1255770"
},
{
"category": "self",
"summary": "SUSE Bug 1255772",
"url": "https://bugzilla.suse.com/1255772"
},
{
"category": "self",
"summary": "SUSE Bug 1255774",
"url": "https://bugzilla.suse.com/1255774"
},
{
"category": "self",
"summary": "SUSE Bug 1255775",
"url": "https://bugzilla.suse.com/1255775"
},
{
"category": "self",
"summary": "SUSE Bug 1255776",
"url": "https://bugzilla.suse.com/1255776"
},
{
"category": "self",
"summary": "SUSE Bug 1255780",
"url": "https://bugzilla.suse.com/1255780"
},
{
"category": "self",
"summary": "SUSE Bug 1255785",
"url": "https://bugzilla.suse.com/1255785"
},
{
"category": "self",
"summary": "SUSE Bug 1255786",
"url": "https://bugzilla.suse.com/1255786"
},
{
"category": "self",
"summary": "SUSE Bug 1255789",
"url": "https://bugzilla.suse.com/1255789"
},
{
"category": "self",
"summary": "SUSE Bug 1255790",
"url": "https://bugzilla.suse.com/1255790"
},
{
"category": "self",
"summary": "SUSE Bug 1255792",
"url": "https://bugzilla.suse.com/1255792"
},
{
"category": "self",
"summary": "SUSE Bug 1255793",
"url": "https://bugzilla.suse.com/1255793"
},
{
"category": "self",
"summary": "SUSE Bug 1255795",
"url": "https://bugzilla.suse.com/1255795"
},
{
"category": "self",
"summary": "SUSE Bug 1255798",
"url": "https://bugzilla.suse.com/1255798"
},
{
"category": "self",
"summary": "SUSE Bug 1255800",
"url": "https://bugzilla.suse.com/1255800"
},
{
"category": "self",
"summary": "SUSE Bug 1255801",
"url": "https://bugzilla.suse.com/1255801"
},
{
"category": "self",
"summary": "SUSE Bug 1255806",
"url": "https://bugzilla.suse.com/1255806"
},
{
"category": "self",
"summary": "SUSE Bug 1255807",
"url": "https://bugzilla.suse.com/1255807"
},
{
"category": "self",
"summary": "SUSE Bug 1255809",
"url": "https://bugzilla.suse.com/1255809"
},
{
"category": "self",
"summary": "SUSE Bug 1255810",
"url": "https://bugzilla.suse.com/1255810"
},
{
"category": "self",
"summary": "SUSE Bug 1255812",
"url": "https://bugzilla.suse.com/1255812"
},
{
"category": "self",
"summary": "SUSE Bug 1255814",
"url": "https://bugzilla.suse.com/1255814"
},
{
"category": "self",
"summary": "SUSE Bug 1255820",
"url": "https://bugzilla.suse.com/1255820"
},
{
"category": "self",
"summary": "SUSE Bug 1255838",
"url": "https://bugzilla.suse.com/1255838"
},
{
"category": "self",
"summary": "SUSE Bug 1255842",
"url": "https://bugzilla.suse.com/1255842"
},
{
"category": "self",
"summary": "SUSE Bug 1255843",
"url": "https://bugzilla.suse.com/1255843"
},
{
"category": "self",
"summary": "SUSE Bug 1255872",
"url": "https://bugzilla.suse.com/1255872"
},
{
"category": "self",
"summary": "SUSE Bug 1255875",
"url": "https://bugzilla.suse.com/1255875"
},
{
"category": "self",
"summary": "SUSE Bug 1255879",
"url": "https://bugzilla.suse.com/1255879"
},
{
"category": "self",
"summary": "SUSE Bug 1255883",
"url": "https://bugzilla.suse.com/1255883"
},
{
"category": "self",
"summary": "SUSE Bug 1255884",
"url": "https://bugzilla.suse.com/1255884"
},
{
"category": "self",
"summary": "SUSE Bug 1255886",
"url": "https://bugzilla.suse.com/1255886"
},
{
"category": "self",
"summary": "SUSE Bug 1255888",
"url": "https://bugzilla.suse.com/1255888"
},
{
"category": "self",
"summary": "SUSE Bug 1255890",
"url": "https://bugzilla.suse.com/1255890"
},
{
"category": "self",
"summary": "SUSE Bug 1255891",
"url": "https://bugzilla.suse.com/1255891"
},
{
"category": "self",
"summary": "SUSE Bug 1255892",
"url": "https://bugzilla.suse.com/1255892"
},
{
"category": "self",
"summary": "SUSE Bug 1255899",
"url": "https://bugzilla.suse.com/1255899"
},
{
"category": "self",
"summary": "SUSE Bug 1255902",
"url": "https://bugzilla.suse.com/1255902"
},
{
"category": "self",
"summary": "SUSE Bug 1255907",
"url": "https://bugzilla.suse.com/1255907"
},
{
"category": "self",
"summary": "SUSE Bug 1255911",
"url": "https://bugzilla.suse.com/1255911"
},
{
"category": "self",
"summary": "SUSE Bug 1255915",
"url": "https://bugzilla.suse.com/1255915"
},
{
"category": "self",
"summary": "SUSE Bug 1255918",
"url": "https://bugzilla.suse.com/1255918"
},
{
"category": "self",
"summary": "SUSE Bug 1255921",
"url": "https://bugzilla.suse.com/1255921"
},
{
"category": "self",
"summary": "SUSE Bug 1255924",
"url": "https://bugzilla.suse.com/1255924"
},
{
"category": "self",
"summary": "SUSE Bug 1255925",
"url": "https://bugzilla.suse.com/1255925"
},
{
"category": "self",
"summary": "SUSE Bug 1255931",
"url": "https://bugzilla.suse.com/1255931"
},
{
"category": "self",
"summary": "SUSE Bug 1255932",
"url": "https://bugzilla.suse.com/1255932"
},
{
"category": "self",
"summary": "SUSE Bug 1255934",
"url": "https://bugzilla.suse.com/1255934"
},
{
"category": "self",
"summary": "SUSE Bug 1255943",
"url": "https://bugzilla.suse.com/1255943"
},
{
"category": "self",
"summary": "SUSE Bug 1255944",
"url": "https://bugzilla.suse.com/1255944"
},
{
"category": "self",
"summary": "SUSE Bug 1255949",
"url": "https://bugzilla.suse.com/1255949"
},
{
"category": "self",
"summary": "SUSE Bug 1255951",
"url": "https://bugzilla.suse.com/1255951"
},
{
"category": "self",
"summary": "SUSE Bug 1255952",
"url": "https://bugzilla.suse.com/1255952"
},
{
"category": "self",
"summary": "SUSE Bug 1255955",
"url": "https://bugzilla.suse.com/1255955"
},
{
"category": "self",
"summary": "SUSE Bug 1255957",
"url": "https://bugzilla.suse.com/1255957"
},
{
"category": "self",
"summary": "SUSE Bug 1255961",
"url": "https://bugzilla.suse.com/1255961"
},
{
"category": "self",
"summary": "SUSE Bug 1255963",
"url": "https://bugzilla.suse.com/1255963"
},
{
"category": "self",
"summary": "SUSE Bug 1255964",
"url": "https://bugzilla.suse.com/1255964"
},
{
"category": "self",
"summary": "SUSE Bug 1255967",
"url": "https://bugzilla.suse.com/1255967"
},
{
"category": "self",
"summary": "SUSE Bug 1255974",
"url": "https://bugzilla.suse.com/1255974"
},
{
"category": "self",
"summary": "SUSE Bug 1255978",
"url": "https://bugzilla.suse.com/1255978"
},
{
"category": "self",
"summary": "SUSE Bug 1255984",
"url": "https://bugzilla.suse.com/1255984"
},
{
"category": "self",
"summary": "SUSE Bug 1255988",
"url": "https://bugzilla.suse.com/1255988"
},
{
"category": "self",
"summary": "SUSE Bug 1255990",
"url": "https://bugzilla.suse.com/1255990"
},
{
"category": "self",
"summary": "SUSE Bug 1255992",
"url": "https://bugzilla.suse.com/1255992"
},
{
"category": "self",
"summary": "SUSE Bug 1255993",
"url": "https://bugzilla.suse.com/1255993"
},
{
"category": "self",
"summary": "SUSE Bug 1255994",
"url": "https://bugzilla.suse.com/1255994"
},
{
"category": "self",
"summary": "SUSE Bug 1255996",
"url": "https://bugzilla.suse.com/1255996"
},
{
"category": "self",
"summary": "SUSE Bug 1256033",
"url": "https://bugzilla.suse.com/1256033"
},
{
"category": "self",
"summary": "SUSE Bug 1256034",
"url": "https://bugzilla.suse.com/1256034"
},
{
"category": "self",
"summary": "SUSE Bug 1256045",
"url": "https://bugzilla.suse.com/1256045"
},
{
"category": "self",
"summary": "SUSE Bug 1256050",
"url": "https://bugzilla.suse.com/1256050"
},
{
"category": "self",
"summary": "SUSE Bug 1256058",
"url": "https://bugzilla.suse.com/1256058"
},
{
"category": "self",
"summary": "SUSE Bug 1256071",
"url": "https://bugzilla.suse.com/1256071"
},
{
"category": "self",
"summary": "SUSE Bug 1256074",
"url": "https://bugzilla.suse.com/1256074"
},
{
"category": "self",
"summary": "SUSE Bug 1256081",
"url": "https://bugzilla.suse.com/1256081"
},
{
"category": "self",
"summary": "SUSE Bug 1256082",
"url": "https://bugzilla.suse.com/1256082"
},
{
"category": "self",
"summary": "SUSE Bug 1256083",
"url": "https://bugzilla.suse.com/1256083"
},
{
"category": "self",
"summary": "SUSE Bug 1256084",
"url": "https://bugzilla.suse.com/1256084"
},
{
"category": "self",
"summary": "SUSE Bug 1256085",
"url": "https://bugzilla.suse.com/1256085"
},
{
"category": "self",
"summary": "SUSE Bug 1256090",
"url": "https://bugzilla.suse.com/1256090"
},
{
"category": "self",
"summary": "SUSE Bug 1256093",
"url": "https://bugzilla.suse.com/1256093"
},
{
"category": "self",
"summary": "SUSE Bug 1256094",
"url": "https://bugzilla.suse.com/1256094"
},
{
"category": "self",
"summary": "SUSE Bug 1256095",
"url": "https://bugzilla.suse.com/1256095"
},
{
"category": "self",
"summary": "SUSE Bug 1256096",
"url": "https://bugzilla.suse.com/1256096"
},
{
"category": "self",
"summary": "SUSE Bug 1256099",
"url": "https://bugzilla.suse.com/1256099"
},
{
"category": "self",
"summary": "SUSE Bug 1256100",
"url": "https://bugzilla.suse.com/1256100"
},
{
"category": "self",
"summary": "SUSE Bug 1256104",
"url": "https://bugzilla.suse.com/1256104"
},
{
"category": "self",
"summary": "SUSE Bug 1256106",
"url": "https://bugzilla.suse.com/1256106"
},
{
"category": "self",
"summary": "SUSE Bug 1256107",
"url": "https://bugzilla.suse.com/1256107"
},
{
"category": "self",
"summary": "SUSE Bug 1256117",
"url": "https://bugzilla.suse.com/1256117"
},
{
"category": "self",
"summary": "SUSE Bug 1256119",
"url": "https://bugzilla.suse.com/1256119"
},
{
"category": "self",
"summary": "SUSE Bug 1256121",
"url": "https://bugzilla.suse.com/1256121"
},
{
"category": "self",
"summary": "SUSE Bug 1256145",
"url": "https://bugzilla.suse.com/1256145"
},
{
"category": "self",
"summary": "SUSE Bug 1256153",
"url": "https://bugzilla.suse.com/1256153"
},
{
"category": "self",
"summary": "SUSE Bug 1256178",
"url": "https://bugzilla.suse.com/1256178"
},
{
"category": "self",
"summary": "SUSE Bug 1256197",
"url": "https://bugzilla.suse.com/1256197"
},
{
"category": "self",
"summary": "SUSE Bug 1256231",
"url": "https://bugzilla.suse.com/1256231"
},
{
"category": "self",
"summary": "SUSE Bug 1256233",
"url": "https://bugzilla.suse.com/1256233"
},
{
"category": "self",
"summary": "SUSE Bug 1256234",
"url": "https://bugzilla.suse.com/1256234"
},
{
"category": "self",
"summary": "SUSE Bug 1256238",
"url": "https://bugzilla.suse.com/1256238"
},
{
"category": "self",
"summary": "SUSE Bug 1256263",
"url": "https://bugzilla.suse.com/1256263"
},
{
"category": "self",
"summary": "SUSE Bug 1256267",
"url": "https://bugzilla.suse.com/1256267"
},
{
"category": "self",
"summary": "SUSE Bug 1256268",
"url": "https://bugzilla.suse.com/1256268"
},
{
"category": "self",
"summary": "SUSE Bug 1256271",
"url": "https://bugzilla.suse.com/1256271"
},
{
"category": "self",
"summary": "SUSE Bug 1256273",
"url": "https://bugzilla.suse.com/1256273"
},
{
"category": "self",
"summary": "SUSE Bug 1256274",
"url": "https://bugzilla.suse.com/1256274"
},
{
"category": "self",
"summary": "SUSE Bug 1256279",
"url": "https://bugzilla.suse.com/1256279"
},
{
"category": "self",
"summary": "SUSE Bug 1256285",
"url": "https://bugzilla.suse.com/1256285"
},
{
"category": "self",
"summary": "SUSE Bug 1256291",
"url": "https://bugzilla.suse.com/1256291"
},
{
"category": "self",
"summary": "SUSE Bug 1256292",
"url": "https://bugzilla.suse.com/1256292"
},
{
"category": "self",
"summary": "SUSE Bug 1256300",
"url": "https://bugzilla.suse.com/1256300"
},
{
"category": "self",
"summary": "SUSE Bug 1256301",
"url": "https://bugzilla.suse.com/1256301"
},
{
"category": "self",
"summary": "SUSE Bug 1256302",
"url": "https://bugzilla.suse.com/1256302"
},
{
"category": "self",
"summary": "SUSE Bug 1256335",
"url": "https://bugzilla.suse.com/1256335"
},
{
"category": "self",
"summary": "SUSE Bug 1256348",
"url": "https://bugzilla.suse.com/1256348"
},
{
"category": "self",
"summary": "SUSE Bug 1256351",
"url": "https://bugzilla.suse.com/1256351"
},
{
"category": "self",
"summary": "SUSE Bug 1256354",
"url": "https://bugzilla.suse.com/1256354"
},
{
"category": "self",
"summary": "SUSE Bug 1256358",
"url": "https://bugzilla.suse.com/1256358"
},
{
"category": "self",
"summary": "SUSE Bug 1256361",
"url": "https://bugzilla.suse.com/1256361"
},
{
"category": "self",
"summary": "SUSE Bug 1256364",
"url": "https://bugzilla.suse.com/1256364"
},
{
"category": "self",
"summary": "SUSE Bug 1256366",
"url": "https://bugzilla.suse.com/1256366"
},
{
"category": "self",
"summary": "SUSE Bug 1256367",
"url": "https://bugzilla.suse.com/1256367"
},
{
"category": "self",
"summary": "SUSE Bug 1256368",
"url": "https://bugzilla.suse.com/1256368"
},
{
"category": "self",
"summary": "SUSE Bug 1256369",
"url": "https://bugzilla.suse.com/1256369"
},
{
"category": "self",
"summary": "SUSE Bug 1256370",
"url": "https://bugzilla.suse.com/1256370"
},
{
"category": "self",
"summary": "SUSE Bug 1256371",
"url": "https://bugzilla.suse.com/1256371"
},
{
"category": "self",
"summary": "SUSE Bug 1256373",
"url": "https://bugzilla.suse.com/1256373"
},
{
"category": "self",
"summary": "SUSE Bug 1256375",
"url": "https://bugzilla.suse.com/1256375"
},
{
"category": "self",
"summary": "SUSE Bug 1256379",
"url": "https://bugzilla.suse.com/1256379"
},
{
"category": "self",
"summary": "SUSE Bug 1256387",
"url": "https://bugzilla.suse.com/1256387"
},
{
"category": "self",
"summary": "SUSE Bug 1256394",
"url": "https://bugzilla.suse.com/1256394"
},
{
"category": "self",
"summary": "SUSE Bug 1256395",
"url": "https://bugzilla.suse.com/1256395"
},
{
"category": "self",
"summary": "SUSE Bug 1256396",
"url": "https://bugzilla.suse.com/1256396"
},
{
"category": "self",
"summary": "SUSE Bug 1256528",
"url": "https://bugzilla.suse.com/1256528"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42752 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53743 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53750 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53752 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53759 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53762 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53766 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53768 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53768/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53777 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53778 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53778/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53782 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53784 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53784/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53785 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53787 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53787/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53791 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53792 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53793 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53794 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53795 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53797 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53799 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53807 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53808 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53808/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53813 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53815 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53819 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53821 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53823 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53825 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53828 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53831 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53834 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53836 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53839 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53841 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53842 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53843 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53843/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53844 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53846 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53847 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53848 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53850 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53851 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53852 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53855 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53856 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53857 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53858 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53860 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53861 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53863 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53864 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53865 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53989 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53989/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53992 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53992/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53994 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53995 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53996 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53997 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53999 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54000 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54001 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54005 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54006 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54008 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54014 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54016 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54017 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54019 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54022 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54023 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54023/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54025 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54025/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54026 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54026/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54027 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54027/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54030 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54030/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54031 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54031/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54032 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54035 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54037 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54037/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54038 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54038/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54042 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54045 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54048 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54048/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54049 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54051 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54052 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54060 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54064 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54066 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54066/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54067 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54069 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54070 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54070/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54072 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54076 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54080 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54081 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54081/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54083 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54088 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54089 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54091 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54092 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54093 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54094 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54095 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54096 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54099 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54101 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54104 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54106 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54112 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54113 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54115 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54117 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54121 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54125 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54127 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54133 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54134 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54135 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54136 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54137 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54137/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54140 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54141 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54142 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54143 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54143/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54145 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54148 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54149 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54153 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54154 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54155 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54156 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54164 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54164/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54166 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54169 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54170 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54171 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54171/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54172 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54172/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54173 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54177 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54178 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54179 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54179/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54181 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54183 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54185 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54189 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54194 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54201 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54204 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54207 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54209 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54209/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54210 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54210/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54211 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54211/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54215 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54219 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54219/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54220 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54221 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54223 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54223/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54224 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54225 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54227 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54227/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54229 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54230 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54235 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54235/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54240 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54240/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54241 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54241/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54246 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54246/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54247 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54247/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54251 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54253 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54253/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54254 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54254/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54255 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54258 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54261 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54261/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54263 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54264 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54266 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54266/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54267 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54267/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54271 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54271/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54276 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54276/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54278 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54278/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54281 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54281/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54282 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54282/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54283 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54285 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54289 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54291 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54292 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54293 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54296 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54296/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54297 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54297/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54299 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54299/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54300 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54302 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54303 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54303/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54304 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54309 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54309/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54312 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54312/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54313 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54313/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54314 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54314/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54315 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54315/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54316 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54316/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54318 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54318/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54319 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54322 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54322/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54324 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54324/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54326 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54326/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26944 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26944/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38321 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38321/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39977 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39977/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40006 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40024 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40024/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40033 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40033/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40042 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40053 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40053/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40081 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40081/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40102 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40123 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40134 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40135 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40153 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40158 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40160 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40167 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40167/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40170 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40178 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40179 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40179/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40187 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40211 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40211/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40213 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40213/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40215 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40219 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40219/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40220 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40223 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40223/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40225 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40231 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40233 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40240 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40240/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40242 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40242/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40244 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40248 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40248/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40250 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40250/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40251 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40252 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40252/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40256 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40256/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40258 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40262 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40263 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40268 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40268/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40269 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40269/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40271 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40271/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40272 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40272/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40273 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40273/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40274 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40275 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40275/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40276 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40276/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40277 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40277/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40278 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40278/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40279 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40279/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40280 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40280/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40282 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40282/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40283 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40287 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40288 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40289 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40292 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40293 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40294 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40297 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40297/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40301 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40302 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40304 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40306 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40306/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40307 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40308 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40308/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40309 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40309/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40310 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40310/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40311 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40311/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40312 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40312/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40314 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40314/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40315 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40315/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40316 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40316/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40317 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40318 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40318/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40319 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40320 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40320/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40321 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40321/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40322 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40322/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40323 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40324 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40324/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40329 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40329/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40330 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40330/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40331 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40331/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40332 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40337 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40338 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40339 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40340 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40342 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40343 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40345 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40346 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40347 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40349 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40351 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40351/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40354 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40357 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40359 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40359/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40360 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68168 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68168/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68170 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68172 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68172/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68176 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68180 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68183 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68184 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68185 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68192 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68194 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68195 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68197 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68201 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68206 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68207 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68208 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68208/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68209 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68209/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68217 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68218 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68218/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68222 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68223 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68223/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68230 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68233 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68235 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68235/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68237 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68237/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68238 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68238/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68239 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68244 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68249 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68249/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68252 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68252/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68255 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68257 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68258 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68259 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68259/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68264 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68286 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68287 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68289 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68290 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68298 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68298/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68302 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68303 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68303/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68305 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68305/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68306 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68306/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68307 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68308 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68308/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68312 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68312/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68313 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68313/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68328 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68328/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68330 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68330/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68331 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68331/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68332 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68335 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68339 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68340 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68345 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68346 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68347 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68351 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68351/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68354 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68362 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68378 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68380 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68380/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68734 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68740 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68742 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68744 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68746 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68747 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68747/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68749 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68750 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68753 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68757 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68757/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68758 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68759 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68765 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68766 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68766/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2026-01-23T15:08:32Z",
"generator": {
"date": "2026-01-23T15:08:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0278-1",
"initial_release_date": "2026-01-23T15:08:32Z",
"revision_history": [
{
"date": "2026-01-23T15:08:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"product": {
"name": "kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"product_id": "kernel-devel-rt-6.4.0-150700.7.28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"product": {
"name": "kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"product_id": "kernel-source-rt-6.4.0-150700.7.28.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"product_id": "cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"product": {
"name": "dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"product_id": "dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"product_id": "gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.4.0-150700.7.28.1.x86_64",
"product": {
"name": "kernel-rt-6.4.0-150700.7.28.1.x86_64",
"product_id": "kernel-rt-6.4.0-150700.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"product": {
"name": "kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"product_id": "kernel-rt-devel-6.4.0-150700.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-6.4.0-150700.7.28.1.x86_64",
"product": {
"name": "kernel-rt-extra-6.4.0-150700.7.28.1.x86_64",
"product_id": "kernel-rt-extra-6.4.0-150700.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.4.0-150700.7.28.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.4.0-150700.7.28.1.x86_64",
"product_id": "kernel-rt-livepatch-6.4.0-150700.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-6.4.0-150700.7.28.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-6.4.0-150700.7.28.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-6.4.0-150700.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-6.4.0-150700.7.28.1.x86_64",
"product": {
"name": "kernel-rt-optional-6.4.0-150700.7.28.1.x86_64",
"product_id": "kernel-rt-optional-6.4.0-150700.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-vdso-6.4.0-150700.7.28.1.x86_64",
"product": {
"name": "kernel-rt-vdso-6.4.0-150700.7.28.1.x86_64",
"product_id": "kernel-rt-vdso-6.4.0-150700.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"product": {
"name": "kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"product_id": "kernel-syms-rt-6.4.0-150700.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"product_id": "kselftests-kmp-rt-6.4.0-150700.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"product_id": "ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"product_id": "reiserfs-kmp-rt-6.4.0-150700.7.28.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Real Time Module 15 SP7",
"product": {
"name": "SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-rt:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64"
},
"product_reference": "dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-150700.7.28.1.noarch as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-150700.7.28.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-150700.7.28.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-150700.7.28.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-150700.7.28.1.noarch as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-6.4.0-150700.7.28.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64"
},
"product_reference": "kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42752"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42752",
"url": "https://www.suse.com/security/cve/CVE-2023-42752"
},
{
"category": "external",
"summary": "SUSE Bug 1215146 for CVE-2023-42752",
"url": "https://bugzilla.suse.com/1215146"
},
{
"category": "external",
"summary": "SUSE Bug 1215468 for CVE-2023-42752",
"url": "https://bugzilla.suse.com/1215468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "important"
}
],
"title": "CVE-2023-42752"
},
{
"cve": "CVE-2023-53743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53743"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Free released resource after coalescing\n\nrelease_resource() doesn\u0027t actually free the resource or resource list\nentry so free the resource list entry to avoid a leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53743",
"url": "https://www.suse.com/security/cve/CVE-2023-53743"
},
{
"category": "external",
"summary": "SUSE Bug 1254782 for CVE-2023-53743",
"url": "https://bugzilla.suse.com/1254782"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53743"
},
{
"cve": "CVE-2023-53750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: freescale: Fix a memory out of bounds when num_configs is 1\n\nThe config passed in by pad wakeup is 1, when num_configs is 1,\nConfiguration [1] should not be fetched, which will be detected\nby KASAN as a memory out of bounds condition. Modify to get\nconfigs[1] when num_configs is 2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53750",
"url": "https://www.suse.com/security/cve/CVE-2023-53750"
},
{
"category": "external",
"summary": "SUSE Bug 1254611 for CVE-2023-53750",
"url": "https://bugzilla.suse.com/1254611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53750"
},
{
"cve": "CVE-2023-53752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: deal with integer overflows in kmalloc_reserve()\n\nBlamed commit changed:\n ptr = kmalloc(size);\n if (ptr)\n size = ksize(ptr);\n\n size = kmalloc_size_roundup(size);\n ptr = kmalloc(size);\n\nThis allowed various crash as reported by syzbot [1]\nand Kyle Zeng.\n\nProblem is that if @size is bigger than 0x80000001,\nkmalloc_size_roundup(size) returns 2^32.\n\nkmalloc_reserve() uses a 32bit variable (obj_size),\nso 2^32 is truncated to 0.\n\nkmalloc(0) returns ZERO_SIZE_PTR which is not handled by\nskb allocations.\n\nFollowing trace can be triggered if a netdev-\u003emtu is set\nclose to 0x7fffffff\n\nWe might in the future limit netdev-\u003emtu to more sensible\nlimit (like KMALLOC_MAX_SIZE).\n\nThis patch is based on a syzbot report, and also a report\nand tentative fix from Kyle Zeng.\n\n[1]\nBUG: KASAN: user-memory-access in __build_skb_around net/core/skbuff.c:294 [inline]\nBUG: KASAN: user-memory-access in __alloc_skb+0x3c4/0x6e8 net/core/skbuff.c:527\nWrite of size 32 at addr 00000000fffffd10 by task syz-executor.4/22554\n\nCPU: 1 PID: 22554 Comm: syz-executor.4 Not tainted 6.1.39-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023\nCall trace:\ndump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:279\nshow_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:286\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0x120/0x1a0 lib/dump_stack.c:106\nprint_report+0xe4/0x4b4 mm/kasan/report.c:398\nkasan_report+0x150/0x1ac mm/kasan/report.c:495\nkasan_check_range+0x264/0x2a4 mm/kasan/generic.c:189\nmemset+0x40/0x70 mm/kasan/shadow.c:44\n__build_skb_around net/core/skbuff.c:294 [inline]\n__alloc_skb+0x3c4/0x6e8 net/core/skbuff.c:527\nalloc_skb include/linux/skbuff.h:1316 [inline]\nigmpv3_newpack+0x104/0x1088 net/ipv4/igmp.c:359\nadd_grec+0x81c/0x1124 net/ipv4/igmp.c:534\nigmpv3_send_cr net/ipv4/igmp.c:667 [inline]\nigmp_ifc_timer_expire+0x1b0/0x1008 net/ipv4/igmp.c:810\ncall_timer_fn+0x1c0/0x9f0 kernel/time/timer.c:1474\nexpire_timers kernel/time/timer.c:1519 [inline]\n__run_timers+0x54c/0x710 kernel/time/timer.c:1790\nrun_timer_softirq+0x28/0x4c kernel/time/timer.c:1803\n_stext+0x380/0xfbc\n____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79\ncall_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:891\ndo_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:84\ninvoke_softirq kernel/softirq.c:437 [inline]\n__irq_exit_rcu+0x1c0/0x4cc kernel/softirq.c:683\nirq_exit_rcu+0x14/0x78 kernel/softirq.c:695\nel0_interrupt+0x7c/0x2e0 arch/arm64/kernel/entry-common.c:717\n__el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:724\nel0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:729\nel0t_64_irq+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53752",
"url": "https://www.suse.com/security/cve/CVE-2023-53752"
},
{
"category": "external",
"summary": "SUSE Bug 1254613 for CVE-2023-53752",
"url": "https://bugzilla.suse.com/1254613"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53752"
},
{
"cve": "CVE-2023-53759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53759"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hidraw: fix data race on device refcount\n\nThe hidraw_open() function increments the hidraw device reference\ncounter. The counter has no dedicated synchronization mechanism,\nresulting in a potential data race when concurrently opening a device.\n\nThe race is a regression introduced by commit 8590222e4b02 (\"HID:\nhidraw: Replace hidraw device table mutex with a rwsem\"). While\nminors_rwsem is intended to protect the hidraw_table itself, by instead\nacquiring the lock for writing, the reference counter is also protected.\nThis is symmetrical to hidraw_release().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53759",
"url": "https://www.suse.com/security/cve/CVE-2023-53759"
},
{
"category": "external",
"summary": "SUSE Bug 1254663 for CVE-2023-53759",
"url": "https://bugzilla.suse.com/1254663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53759"
},
{
"cve": "CVE-2023-53762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53762"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync\n\nUse-after-free can occur in hci_disconnect_all_sync if a connection is\ndeleted by concurrent processing of a controller event.\n\nTo prevent this the code now tries to iterate over the list backwards\nto ensure the links are cleanup before its parents, also it no longer\nrelies on a cursor, instead it always uses the last element since\nhci_abort_conn_sync is guaranteed to call hci_conn_del.\n\nUAF crash log:\n==================================================================\nBUG: KASAN: slab-use-after-free in hci_set_powered_sync\n(net/bluetooth/hci_sync.c:5424) [bluetooth]\nRead of size 8 at addr ffff888009d9c000 by task kworker/u9:0/124\n\nCPU: 0 PID: 124 Comm: kworker/u9:0 Tainted: G W\n6.5.0-rc1+ #10\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\n1.16.2-1.fc38 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work [bluetooth]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5b/0x90\n print_report+0xcf/0x670\n ? __virt_addr_valid+0xdd/0x160\n ? hci_set_powered_sync+0x2c9/0x4a0 [bluetooth]\n kasan_report+0xa6/0xe0\n ? hci_set_powered_sync+0x2c9/0x4a0 [bluetooth]\n ? __pfx_set_powered_sync+0x10/0x10 [bluetooth]\n hci_set_powered_sync+0x2c9/0x4a0 [bluetooth]\n ? __pfx_hci_set_powered_sync+0x10/0x10 [bluetooth]\n ? __pfx_lock_release+0x10/0x10\n ? __pfx_set_powered_sync+0x10/0x10 [bluetooth]\n hci_cmd_sync_work+0x137/0x220 [bluetooth]\n process_one_work+0x526/0x9d0\n ? __pfx_process_one_work+0x10/0x10\n ? __pfx_do_raw_spin_lock+0x10/0x10\n ? mark_held_locks+0x1a/0x90\n worker_thread+0x92/0x630\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x196/0x1e0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2c/0x50\n \u003c/TASK\u003e\n\nAllocated by task 1782:\n kasan_save_stack+0x33/0x60\n kasan_set_track+0x25/0x30\n __kasan_kmalloc+0x8f/0xa0\n hci_conn_add+0xa5/0xa80 [bluetooth]\n hci_bind_cis+0x881/0x9b0 [bluetooth]\n iso_connect_cis+0x121/0x520 [bluetooth]\n iso_sock_connect+0x3f6/0x790 [bluetooth]\n __sys_connect+0x109/0x130\n __x64_sys_connect+0x40/0x50\n do_syscall_64+0x60/0x90\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nFreed by task 695:\n kasan_save_stack+0x33/0x60\n kasan_set_track+0x25/0x30\n kasan_save_free_info+0x2b/0x50\n __kasan_slab_free+0x10a/0x180\n __kmem_cache_free+0x14d/0x2e0\n device_release+0x5d/0xf0\n kobject_put+0xdf/0x270\n hci_disconn_complete_evt+0x274/0x3a0 [bluetooth]\n hci_event_packet+0x579/0x7e0 [bluetooth]\n hci_rx_work+0x287/0xaa0 [bluetooth]\n process_one_work+0x526/0x9d0\n worker_thread+0x92/0x630\n kthread+0x196/0x1e0\n ret_from_fork+0x2c/0x50\n==================================================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53762",
"url": "https://www.suse.com/security/cve/CVE-2023-53762"
},
{
"category": "external",
"summary": "SUSE Bug 1254606 for CVE-2023-53762",
"url": "https://bugzilla.suse.com/1254606"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53762"
},
{
"cve": "CVE-2023-53766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nFS: JFS: Check for read-only mounted filesystem in txBegin\n\n This patch adds a check for read-only mounted filesystem\n in txBegin before starting a transaction potentially saving\n from NULL pointer deref.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53766",
"url": "https://www.suse.com/security/cve/CVE-2023-53766"
},
{
"category": "external",
"summary": "SUSE Bug 1255005 for CVE-2023-53766",
"url": "https://bugzilla.suse.com/1255005"
},
{
"category": "external",
"summary": "SUSE Bug 1255006 for CVE-2023-53766",
"url": "https://bugzilla.suse.com/1255006"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "important"
}
],
"title": "CVE-2023-53766"
},
{
"cve": "CVE-2023-53768",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53768"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap-irq: Fix out-of-bounds access when allocating config buffers\n\nWhen allocating the 2D array for handling IRQ type registers in\nregmap_add_irq_chip_fwnode(), the intent is to allocate a matrix\nwith num_config_bases rows and num_config_regs columns.\n\nThis is currently handled by allocating a buffer to hold a pointer for\neach row (i.e. num_config_bases). After that, the logic attempts to\nallocate the memory required to hold the register configuration for\neach row. However, instead of doing this allocation for each row\n(i.e. num_config_bases allocations), the logic erroneously does this\nallocation num_config_regs number of times.\n\nThis scenario can lead to out-of-bounds accesses when num_config_regs\nis greater than num_config_bases. Fix this by updating the terminating\ncondition of the loop that allocates the memory for holding the register\nconfiguration to allocate memory only for each row in the matrix.\n\nAmit Pundir reported a crash that was occurring on his db845c device\ndue to memory corruption (see \"Closes\" tag for Amit\u0027s report). The KASAN\nreport below helped narrow it down to this issue:\n\n[ 14.033877][ T1] ==================================================================\n[ 14.042507][ T1] BUG: KASAN: invalid-access in regmap_add_irq_chip_fwnode+0x594/0x1364\n[ 14.050796][ T1] Write of size 8 at addr 06ffff8081021850 by task init/1\n\n[ 14.242004][ T1] The buggy address belongs to the object at ffffff8081021850\n[ 14.242004][ T1] which belongs to the cache kmalloc-8 of size 8\n[ 14.255669][ T1] The buggy address is located 0 bytes inside of\n[ 14.255669][ T1] 8-byte region [ffffff8081021850, ffffff8081021858)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53768",
"url": "https://www.suse.com/security/cve/CVE-2023-53768"
},
{
"category": "external",
"summary": "SUSE Bug 1254599 for CVE-2023-53768",
"url": "https://bugzilla.suse.com/1254599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53768"
},
{
"cve": "CVE-2023-53777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53777"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: kill hooked chains to avoid loops on deduplicated compressed images\n\nAfter heavily stressing EROFS with several images which include a\nhand-crafted image of repeated patterns for more than 46 days, I found\ntwo chains could be linked with each other almost simultaneously and\nform a loop so that the entire loop won\u0027t be submitted. As a\nconsequence, the corresponding file pages will remain locked forever.\n\nIt can be _only_ observed on data-deduplicated compressed images.\nFor example, consider two chains with five pclusters in total:\n\tChain 1: 2-\u003e3-\u003e4-\u003e5 -- The tail pcluster is 5;\n Chain 2: 5-\u003e1-\u003e2 -- The tail pcluster is 2.\n\nChain 2 could link to Chain 1 with pcluster 5; and Chain 1 could link\nto Chain 2 at the same time with pcluster 2.\n\nSince hooked chains are all linked locklessly now, I have no idea how\nto simply avoid the race. Instead, let\u0027s avoid hooked chains completely\nuntil I could work out a proper way to fix this and end users finally\ntell us that it\u0027s needed to add it back.\n\nActually, this optimization can be found with multi-threaded workloads\n(especially even more often on deduplicated compressed images), yet I\u0027m\nnot sure about the overall system impacts of not having this compared\nwith implementation complexity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53777",
"url": "https://www.suse.com/security/cve/CVE-2023-53777"
},
{
"category": "external",
"summary": "SUSE Bug 1254749 for CVE-2023-53777",
"url": "https://bugzilla.suse.com/1254749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53777"
},
{
"cve": "CVE-2023-53778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53778"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Clean up integer overflow checking in map_user_pages()\n\nThe encode_dma() function has some validation on in_trans-\u003esize but it\nwould be more clear to move those checks to find_and_map_user_pages().\n\nThe encode_dma() had two checks:\n\n\tif (in_trans-\u003eaddr + in_trans-\u003esize \u003c in_trans-\u003eaddr || !in_trans-\u003esize)\n\t\treturn -EINVAL;\n\nThe in_trans-\u003eaddr variable is the starting address. The in_trans-\u003esize\nvariable is the total size of the transfer. The transfer can occur in\nparts and the resources-\u003exferred_dma_size tracks how many bytes we have\nalready transferred.\n\nThis patch introduces a new variable \"remaining\" which represents the\namount we want to transfer (in_trans-\u003esize) minus the amount we have\nalready transferred (resources-\u003exferred_dma_size).\n\nI have modified the check for if in_trans-\u003esize is zero to instead check\nif in_trans-\u003esize is less than resources-\u003exferred_dma_size. If we have\nalready transferred more bytes than in_trans-\u003esize then there are negative\nbytes remaining which doesn\u0027t make sense. If there are zero bytes\nremaining to be copied, just return success.\n\nThe check in encode_dma() checked that \"addr + size\" could not overflow\nand barring a driver bug that should work, but it\u0027s easier to check if\nwe do this in parts. First check that \"in_trans-\u003eaddr +\nresources-\u003exferred_dma_size\" is safe. Then check that \"xfer_start_addr +\nremaining\" is safe.\n\nMy final concern was that we are dealing with u64 values but on 32bit\nsystems the kmalloc() function will truncate the sizes to 32 bits. So\nI calculated \"total = in_trans-\u003esize + offset_in_page(xfer_start_addr);\"\nand returned -EINVAL if it were \u003e= SIZE_MAX. This will not affect 64bit\nsystems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53778",
"url": "https://www.suse.com/security/cve/CVE-2023-53778"
},
{
"category": "external",
"summary": "SUSE Bug 1254761 for CVE-2023-53778",
"url": "https://bugzilla.suse.com/1254761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53778"
},
{
"cve": "CVE-2023-53782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndccp: Fix out of bounds access in DCCP error handler\n\nThere was a previous attempt to fix an out-of-bounds access in the DCCP\nerror handlers, but that fix assumed that the error handlers only want\nto access the first 8 bytes of the DCCP header. Actually, they also look\nat the DCCP sequence number, which is stored beyond 8 bytes, so an\nexplicit pskb_may_pull() is required.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53782",
"url": "https://www.suse.com/security/cve/CVE-2023-53782"
},
{
"category": "external",
"summary": "SUSE Bug 1254758 for CVE-2023-53782",
"url": "https://bugzilla.suse.com/1254758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53782"
},
{
"cve": "CVE-2023-53784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53784"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: dw_hdmi: fix connector access for scdc\n\nCommit 5d844091f237 (\"drm/scdc-helper: Pimp SCDC debugs\") changed the scdc\ninterface to pick up an i2c adapter from a connector instead. However, in\nthe case of dw-hdmi, the wrong connector was being used to pass i2c adapter\ninformation, since dw-hdmi\u0027s embedded connector structure is only populated\nwhen the bridge attachment callback explicitly asks for it.\n\ndrm-meson is handling connector creation, so this won\u0027t happen, leading to\na NULL pointer dereference.\n\nFix it by having scdc functions access dw-hdmi\u0027s current connector pointer\ninstead, which is assigned during the bridge enablement stage.\n\n[narmstrong: moved Fixes tag before first S-o-b and added Reported-by tag]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53784",
"url": "https://www.suse.com/security/cve/CVE-2023-53784"
},
{
"category": "external",
"summary": "SUSE Bug 1254765 for CVE-2023-53784",
"url": "https://bugzilla.suse.com/1254765"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53784"
},
{
"cve": "CVE-2023-53785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53785"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7921: don\u0027t assume adequate headroom for SDIO headers\n\nmt7921_usb_sdio_tx_prepare_skb() calls mt7921_usb_sdio_write_txwi() and\nmt7921_skb_add_usb_sdio_hdr(), both of which blindly assume that\nadequate headroom will be available in the passed skb. This assumption\ntypically is satisfied when the skb was allocated in the net core for\ntransmission via the mt7921 netdev (although even that is only an\noptimization and is not strictly guaranteed), but the assumption is\nsometimes not satisfied when the skb originated in the receive path of\nanother netdev and was passed through to the mt7921, such as by the\nbridge layer. Blindly prepending bytes to an skb is always wrong.\n\nThis commit introduces a call to skb_cow_head() before the call to\nmt7921_usb_sdio_write_txwi() in mt7921_usb_sdio_tx_prepare_skb() to\nensure that at least MT_SDIO_TXD_SIZE + MT_SDIO_HDR_SIZE bytes can be\npushed onto the skb.\n\nWithout this fix, I can trivially cause kernel panics by bridging an\nMT7921AU-based USB 802.11ax interface with an Ethernet interface on an\nIntel Atom-based x86 system using its onboard RTL8169 PCI Ethernet\nadapter and also on an ARM-based Raspberry Pi 1 using its onboard\nSMSC9512 USB Ethernet adapter. Note that the panics do not occur in\nevery system configuration, as they occur only if the receiving netdev\nleaves less headroom in its received skbs than the mt7921 needs for its\nSDIO headers.\n\nHere is an example stack trace of this panic on Raspberry Pi OS Lite\n2023-02-21 running kernel 6.1.24+ [1]:\n\n skb_panic from skb_push+0x44/0x48\n skb_push from mt7921_usb_sdio_tx_prepare_skb+0xd4/0x190 [mt7921_common]\n mt7921_usb_sdio_tx_prepare_skb [mt7921_common] from mt76u_tx_queue_skb+0x94/0x1d0 [mt76_usb]\n mt76u_tx_queue_skb [mt76_usb] from __mt76_tx_queue_skb+0x4c/0xc8 [mt76]\n __mt76_tx_queue_skb [mt76] from mt76_txq_schedule.part.0+0x13c/0x398 [mt76]\n mt76_txq_schedule.part.0 [mt76] from mt76_txq_schedule_all+0x24/0x30 [mt76]\n mt76_txq_schedule_all [mt76] from mt7921_tx_worker+0x58/0xf4 [mt7921_common]\n mt7921_tx_worker [mt7921_common] from __mt76_worker_fn+0x9c/0xec [mt76]\n __mt76_worker_fn [mt76] from kthread+0xbc/0xe0\n kthread from ret_from_fork+0x14/0x34\n\nAfter this fix, bridging the mt7921 interface works fine on both of my\npreviously problematic systems.\n\n[1] https://github.com/raspberrypi/firmware/tree/5c276f55a4b21345cd4d6200a504ee991851ff7a",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53785",
"url": "https://www.suse.com/security/cve/CVE-2023-53785"
},
{
"category": "external",
"summary": "SUSE Bug 1254918 for CVE-2023-53785",
"url": "https://bugzilla.suse.com/1254918"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53785"
},
{
"cve": "CVE-2023-53787",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53787"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: da9063: fix null pointer deref with partial DT config\n\nWhen some of the da9063 regulators do not have corresponding DT nodes\na null pointer dereference occurs on boot because such regulators have\nno init_data causing the pointers calculated in\nda9063_check_xvp_constraints() to be invalid.\n\nDo not dereference them in this case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53787",
"url": "https://www.suse.com/security/cve/CVE-2023-53787"
},
{
"category": "external",
"summary": "SUSE Bug 1254750 for CVE-2023-53787",
"url": "https://bugzilla.suse.com/1254750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53787"
},
{
"cve": "CVE-2023-53791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53791"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix warning for holder mismatch from export_rdev()\n\nCommit a1d767191096 (\"md: use mddev-\u003eexternal to select holder in\nexport_rdev()\") fix the problem that \u0027claim_rdev\u0027 is used for\nblkdev_get_by_dev() while \u0027rdev\u0027 is used for blkdev_put().\n\nHowever, if mddev-\u003eexternal is changed from 0 to 1, then \u0027rdev\u0027 is used\nfor blkdev_get_by_dev() while \u0027claim_rdev\u0027 is used for blkdev_put(). And\nthis problem can be reporduced reliably by following:\n\nNew file: mdadm/tests/23rdev-lifetime\n\ndevname=${dev0##*/}\ndevt=`cat /sys/block/$devname/dev`\npid=\"\"\nruntime=2\n\nclean_up_test() {\n pill -9 $pid\n echo clear \u003e /sys/block/md0/md/array_state\n}\n\ntrap \u0027clean_up_test\u0027 EXIT\n\nadd_by_sysfs() {\n while true; do\n echo $devt \u003e /sys/block/md0/md/new_dev\n done\n}\n\nremove_by_sysfs(){\n while true; do\n echo remove \u003e /sys/block/md0/md/dev-${devname}/state\n done\n}\n\necho md0 \u003e /sys/module/md_mod/parameters/new_array || die \"create md0 failed\"\n\nadd_by_sysfs \u0026\npid=\"$pid $!\"\n\nremove_by_sysfs \u0026\npid=\"$pid $!\"\n\nsleep $runtime\nexit 0\n\nTest cmd:\n\n./test --save-logs --logdir=/tmp/ --keep-going --dev=loop --tests=23rdev-lifetime\n\nTest result:\n\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 960 at block/bdev.c:618 blkdev_put+0x27c/0x330\nModules linked in: multipath md_mod loop\nCPU: 0 PID: 960 Comm: test Not tainted 6.5.0-rc2-00121-g01e55c376936-dirty #50\nRIP: 0010:blkdev_put+0x27c/0x330\nCall Trace:\n \u003cTASK\u003e\n export_rdev.isra.23+0x50/0xa0 [md_mod]\n mddev_unlock+0x19d/0x300 [md_mod]\n rdev_attr_store+0xec/0x190 [md_mod]\n sysfs_kf_write+0x52/0x70\n kernfs_fop_write_iter+0x19a/0x2a0\n vfs_write+0x3b5/0x770\n ksys_write+0x74/0x150\n __x64_sys_write+0x22/0x30\n do_syscall_64+0x40/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFix the problem by recording if \u0027rdev\u0027 is used as holder.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53791",
"url": "https://www.suse.com/security/cve/CVE-2023-53791"
},
{
"category": "external",
"summary": "SUSE Bug 1254742 for CVE-2023-53791",
"url": "https://bugzilla.suse.com/1254742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53791"
},
{
"cve": "CVE-2023-53792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53792"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-core: fix memory leak in dhchap_ctrl_secret\n\nFree dhchap_secret in nvme_ctrl_dhchap_ctrl_secret_store() before we\nreturn when nvme_auth_generate_key() returns error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53792",
"url": "https://www.suse.com/security/cve/CVE-2023-53792"
},
{
"category": "external",
"summary": "SUSE Bug 1254743 for CVE-2023-53792",
"url": "https://bugzilla.suse.com/1254743"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53792"
},
{
"cve": "CVE-2023-53793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53793"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf tool x86: Fix perf_env memory leak\n\nFound by leak sanitizer:\n```\n==1632594==ERROR: LeakSanitizer: detected memory leaks\n\nDirect leak of 21 byte(s) in 1 object(s) allocated from:\n #0 0x7f2953a7077b in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:439\n #1 0x556701d6fbbf in perf_env__read_cpuid util/env.c:369\n #2 0x556701d70589 in perf_env__cpuid util/env.c:465\n #3 0x55670204bba2 in x86__is_amd_cpu arch/x86/util/env.c:14\n #4 0x5567020487a2 in arch__post_evsel_config arch/x86/util/evsel.c:83\n #5 0x556701d8f78b in evsel__config util/evsel.c:1366\n #6 0x556701ef5872 in evlist__config util/record.c:108\n #7 0x556701cd6bcd in test__PERF_RECORD tests/perf-record.c:112\n #8 0x556701cacd07 in run_test tests/builtin-test.c:236\n #9 0x556701cacfac in test_and_print tests/builtin-test.c:265\n #10 0x556701cadddb in __cmd_test tests/builtin-test.c:402\n #11 0x556701caf2aa in cmd_test tests/builtin-test.c:559\n #12 0x556701d3b557 in run_builtin tools/perf/perf.c:323\n #13 0x556701d3bac8 in handle_internal_command tools/perf/perf.c:377\n #14 0x556701d3be90 in run_argv tools/perf/perf.c:421\n #15 0x556701d3c3f8 in main tools/perf/perf.c:537\n #16 0x7f2952a46189 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58\n\nSUMMARY: AddressSanitizer: 21 byte(s) leaked in 1 allocation(s).\n```",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53793",
"url": "https://www.suse.com/security/cve/CVE-2023-53793"
},
{
"category": "external",
"summary": "SUSE Bug 1254739 for CVE-2023-53793",
"url": "https://bugzilla.suse.com/1254739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53793"
},
{
"cve": "CVE-2023-53794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix session state check in reconnect to avoid use-after-free issue\n\nDon\u0027t collect exiting session in smb2_reconnect_server(), because it\nwill be released soon.\n\nNote that the exiting session will stay in server-\u003esmb_ses_list until\nit complete the cifs_free_ipc() and logoff() and then delete itself\nfrom the list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53794",
"url": "https://www.suse.com/security/cve/CVE-2023-53794"
},
{
"category": "external",
"summary": "SUSE Bug 1255163 for CVE-2023-53794",
"url": "https://bugzilla.suse.com/1255163"
},
{
"category": "external",
"summary": "SUSE Bug 1255235 for CVE-2023-53794",
"url": "https://bugzilla.suse.com/1255235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "important"
}
],
"title": "CVE-2023-53794"
},
{
"cve": "CVE-2023-53795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53795"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: IOMMUFD_DESTROY should not increase the refcount\n\nsyzkaller found a race where IOMMUFD_DESTROY increments the refcount:\n\n obj = iommufd_get_object(ucmd-\u003eictx, cmd-\u003eid, IOMMUFD_OBJ_ANY);\n if (IS_ERR(obj))\n return PTR_ERR(obj);\n iommufd_ref_to_users(obj);\n /* See iommufd_ref_to_users() */\n if (!iommufd_object_destroy_user(ucmd-\u003eictx, obj))\n\nAs part of the sequence to join the two existing primitives together.\n\nAllowing the refcount the be elevated without holding the destroy_rwsem\nviolates the assumption that all temporary refcount elevations are\nprotected by destroy_rwsem. Racing IOMMUFD_DESTROY with\niommufd_object_destroy_user() will cause spurious failures:\n\n WARNING: CPU: 0 PID: 3076 at drivers/iommu/iommufd/device.c:477 iommufd_access_destroy+0x18/0x20 drivers/iommu/iommufd/device.c:478\n Modules linked in:\n CPU: 0 PID: 3076 Comm: syz-executor.0 Not tainted 6.3.0-rc1-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023\n RIP: 0010:iommufd_access_destroy+0x18/0x20 drivers/iommu/iommufd/device.c:477\n Code: e8 3d 4e 00 00 84 c0 74 01 c3 0f 0b c3 0f 1f 44 00 00 f3 0f 1e fa 48 89 fe 48 8b bf a8 00 00 00 e8 1d 4e 00 00 84 c0 74 01 c3 \u003c0f\u003e 0b c3 0f 1f 44 00 00 41 57 41 56 41 55 4c 8d ae d0 00 00 00 41\n RSP: 0018:ffffc90003067e08 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffff888109ea0300 RCX: 0000000000000000\n RDX: 0000000000000001 RSI: 0000000000000000 RDI: 00000000ffffffff\n RBP: 0000000000000004 R08: 0000000000000000 R09: ffff88810bbb3500\n R10: ffff88810bbb3e48 R11: 0000000000000000 R12: ffffc90003067e88\n R13: ffffc90003067ea8 R14: ffff888101249800 R15: 00000000fffffffe\n FS: 00007ff7254fe6c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000555557262da8 CR3: 000000010a6fd000 CR4: 0000000000350ef0\n Call Trace:\n \u003cTASK\u003e\n iommufd_test_create_access drivers/iommu/iommufd/selftest.c:596 [inline]\n iommufd_test+0x71c/0xcf0 drivers/iommu/iommufd/selftest.c:813\n iommufd_fops_ioctl+0x10f/0x1b0 drivers/iommu/iommufd/main.c:337\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x84/0xc0 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x38/0x80 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe solution is to not increment the refcount on the IOMMUFD_DESTROY path\nat all. Instead use the xa_lock to serialize everything. The refcount\ncheck == 1 and xa_erase can be done under a single critical region. This\navoids the need for any refcount incrementing.\n\nIt has the downside that if userspace races destroy with other operations\nit will get an EBUSY instead of waiting, but this is kind of racing is\nalready dangerous.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53795",
"url": "https://www.suse.com/security/cve/CVE-2023-53795"
},
{
"category": "external",
"summary": "SUSE Bug 1254737 for CVE-2023-53795",
"url": "https://bugzilla.suse.com/1254737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53795"
},
{
"cve": "CVE-2023-53797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: wacom: Use ktime_t rather than int when dealing with timestamps\n\nCode which interacts with timestamps needs to use the ktime_t type\nreturned by functions like ktime_get. The int type does not offer\nenough space to store these values, and attempting to use it is a\nrecipe for problems. In this particular case, overflows would occur\nwhen calculating/storing timestamps leading to incorrect values being\nreported to userspace. In some cases these bad timestamps cause input\nhandling in userspace to appear hung.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53797",
"url": "https://www.suse.com/security/cve/CVE-2023-53797"
},
{
"category": "external",
"summary": "SUSE Bug 1254733 for CVE-2023-53797",
"url": "https://bugzilla.suse.com/1254733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53797"
},
{
"cve": "CVE-2023-53799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: api - Use work queue in crypto_destroy_instance\n\nThe function crypto_drop_spawn expects to be called in process\ncontext. However, when an instance is unregistered while it still\nhas active users, the last user may cause the instance to be freed\nin atomic context.\n\nFix this by delaying the freeing to a work queue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53799",
"url": "https://www.suse.com/security/cve/CVE-2023-53799"
},
{
"category": "external",
"summary": "SUSE Bug 1254732 for CVE-2023-53799",
"url": "https://bugzilla.suse.com/1254732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53799"
},
{
"cve": "CVE-2023-53807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53807"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: clocking-wizard: Fix Oops in clk_wzrd_register_divider()\n\nSmatch detected this potential error pointer dereference\nclk_wzrd_register_divider(). If devm_clk_hw_register() fails then\nit sets \"hw\" to an error pointer and then dereferences it on the\nnext line. Return the error directly instead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53807",
"url": "https://www.suse.com/security/cve/CVE-2023-53807"
},
{
"category": "external",
"summary": "SUSE Bug 1254724 for CVE-2023-53807",
"url": "https://bugzilla.suse.com/1254724"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53807"
},
{
"cve": "CVE-2023-53808",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53808"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: fix memory leak in mwifiex_histogram_read()\n\nAlways free the zeroed page on return from \u0027mwifiex_histogram_read()\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53808",
"url": "https://www.suse.com/security/cve/CVE-2023-53808"
},
{
"category": "external",
"summary": "SUSE Bug 1254723 for CVE-2023-53808",
"url": "https://bugzilla.suse.com/1254723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53808"
},
{
"cve": "CVE-2023-53813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix rbtree traversal bug in ext4_mb_use_preallocated\n\nDuring allocations, while looking for preallocations(PA) in the per\ninode rbtree, we can\u0027t do a direct traversal of the tree because\next4_mb_discard_group_preallocation() can paralelly mark the pa deleted\nand that can cause direct traversal to skip some entries. This was\nleading to a BUG_ON() being hit [1] when we missed a PA that could satisfy\nour request and ultimately tried to create a new PA that would overlap\nwith the missed one.\n\nTo makes sure we handle that case while still keeping the performance of\nthe rbtree, we make use of the fact that the only pa that could possibly\noverlap the original goal start is the one that satisfies the below\nconditions:\n\n 1. It must have it\u0027s logical start immediately to the left of\n (ie less than) original logical start.\n\n 2. It must not be deleted\n\nTo find this pa we use the following traversal method:\n\n1. Descend into the rbtree normally to find the immediate neighboring\nPA. Here we keep descending irrespective of if the PA is deleted or if\nit overlaps with our request etc. The goal is to find an immediately\nadjacent PA.\n\n2. If the found PA is on right of original goal, use rb_prev() to find\nthe left adjacent PA.\n\n3. Check if this PA is deleted and keep moving left with rb_prev() until\na non deleted PA is found.\n\n4. This is the PA we are looking for. Now we can check if it can satisfy\nthe original request and proceed accordingly.\n\nThis approach also takes care of having deleted PAs in the tree.\n\n(While we are at it, also fix a possible overflow bug in calculating the\nend of a PA)\n\n[1] https://lore.kernel.org/linux-ext4/CA+G9fYv2FRpLqBZf34ZinR8bU2_ZRAUOjKAD3+tKRFaEQHtt8Q@mail.gmail.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53813",
"url": "https://www.suse.com/security/cve/CVE-2023-53813"
},
{
"category": "external",
"summary": "SUSE Bug 1254717 for CVE-2023-53813",
"url": "https://bugzilla.suse.com/1254717"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53813"
},
{
"cve": "CVE-2023-53815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53815"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-timers: Prevent RT livelock in itimer_delete()\n\nitimer_delete() has a retry loop when the timer is concurrently expired. On\nnon-RT kernels this just spin-waits until the timer callback has completed,\nexcept for posix CPU timers which have HAVE_POSIX_CPU_TIMERS_TASK_WORK\nenabled.\n\nIn that case and on RT kernels the existing task could live lock when\npreempting the task which does the timer delivery.\n\nReplace spin_unlock() with an invocation of timer_wait_running() to handle\nit the same way as the other retry loops in the posix timer code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53815",
"url": "https://www.suse.com/security/cve/CVE-2023-53815"
},
{
"category": "external",
"summary": "SUSE Bug 1254715 for CVE-2023-53815",
"url": "https://bugzilla.suse.com/1254715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53815"
},
{
"cve": "CVE-2023-53819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\namdgpu: validate offset_in_bo of drm_amdgpu_gem_va\n\nThis is motivated by OOB access in amdgpu_vm_update_range when\noffset_in_bo+map_size overflows.\n\nv2: keep the validations in amdgpu_vm_bo_map\nv3: add the validations to amdgpu_vm_bo_map/amdgpu_vm_bo_replace_map\n rather than to amdgpu_gem_va_ioctl",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53819",
"url": "https://www.suse.com/security/cve/CVE-2023-53819"
},
{
"category": "external",
"summary": "SUSE Bug 1254712 for CVE-2023-53819",
"url": "https://bugzilla.suse.com/1254712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53819"
},
{
"cve": "CVE-2023-53821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_vti: fix slab-use-after-free in decode_session6\n\nWhen ipv6_vti device is set to the qdisc of the sfb type, the cb field\nof the sent skb may be modified during enqueuing. Then,\nslab-use-after-free may occur when ipv6_vti device sends IPv6 packets.\n\nThe stack information is as follows:\nBUG: KASAN: slab-use-after-free in decode_session6+0x103f/0x1890\nRead of size 1 at addr ffff88802e08edc2 by task swapper/0/0\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.4.0-next-20230707-00001-g84e2cad7f979 #410\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014\nCall Trace:\n\u003cIRQ\u003e\ndump_stack_lvl+0xd9/0x150\nprint_address_description.constprop.0+0x2c/0x3c0\nkasan_report+0x11d/0x130\ndecode_session6+0x103f/0x1890\n__xfrm_decode_session+0x54/0xb0\nvti6_tnl_xmit+0x3e6/0x1ee0\ndev_hard_start_xmit+0x187/0x700\nsch_direct_xmit+0x1a3/0xc30\n__qdisc_run+0x510/0x17a0\n__dev_queue_xmit+0x2215/0x3b10\nneigh_connected_output+0x3c2/0x550\nip6_finish_output2+0x55a/0x1550\nip6_finish_output+0x6b9/0x1270\nip6_output+0x1f1/0x540\nndisc_send_skb+0xa63/0x1890\nndisc_send_rs+0x132/0x6f0\naddrconf_rs_timer+0x3f1/0x870\ncall_timer_fn+0x1a0/0x580\nexpire_timers+0x29b/0x4b0\nrun_timer_softirq+0x326/0x910\n__do_softirq+0x1d4/0x905\nirq_exit_rcu+0xb7/0x120\nsysvec_apic_timer_interrupt+0x97/0xc0\n\u003c/IRQ\u003e\nAllocated by task 9176:\nkasan_save_stack+0x22/0x40\nkasan_set_track+0x25/0x30\n__kasan_slab_alloc+0x7f/0x90\nkmem_cache_alloc_node+0x1cd/0x410\nkmalloc_reserve+0x165/0x270\n__alloc_skb+0x129/0x330\nnetlink_sendmsg+0x9b1/0xe30\nsock_sendmsg+0xde/0x190\n____sys_sendmsg+0x739/0x920\n___sys_sendmsg+0x110/0x1b0\n__sys_sendmsg+0xf7/0x1c0\ndo_syscall_64+0x39/0xb0\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nFreed by task 9176:\nkasan_save_stack+0x22/0x40\nkasan_set_track+0x25/0x30\nkasan_save_free_info+0x2b/0x40\n____kasan_slab_free+0x160/0x1c0\nslab_free_freelist_hook+0x11b/0x220\nkmem_cache_free+0xf0/0x490\nskb_free_head+0x17f/0x1b0\nskb_release_data+0x59c/0x850\nconsume_skb+0xd2/0x170\nnetlink_unicast+0x54f/0x7f0\nnetlink_sendmsg+0x926/0xe30\nsock_sendmsg+0xde/0x190\n____sys_sendmsg+0x739/0x920\n___sys_sendmsg+0x110/0x1b0\n__sys_sendmsg+0xf7/0x1c0\ndo_syscall_64+0x39/0xb0\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nThe buggy address belongs to the object at ffff88802e08ed00\nwhich belongs to the cache skbuff_small_head of size 640\nThe buggy address is located 194 bytes inside of\nfreed 640-byte region [ffff88802e08ed00, ffff88802e08ef80)\n\nAs commit f855691975bb (\"xfrm6: Fix the nexthdr offset in\n_decode_session6.\") showed, xfrm_decode_session was originally intended\nonly for the receive path. IP6CB(skb)-\u003enhoff is not set during\ntransmission. Therefore, set the cb field in the skb to 0 before\nsending packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53821",
"url": "https://www.suse.com/security/cve/CVE-2023-53821"
},
{
"category": "external",
"summary": "SUSE Bug 1254669 for CVE-2023-53821",
"url": "https://bugzilla.suse.com/1254669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53821"
},
{
"cve": "CVE-2023-53823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock/rq_qos: protect rq_qos apis with a new lock\n\ncommit 50e34d78815e (\"block: disable the elevator int del_gendisk\")\nmove rq_qos_exit() from disk_release() to del_gendisk(), this will\nintroduce some problems:\n\n1) If rq_qos_add() is triggered by enabling iocost/iolatency through\n cgroupfs, then it can concurrent with del_gendisk(), it\u0027s not safe to\n write \u0027q-\u003erq_qos\u0027 concurrently.\n\n2) Activate cgroup policy that is relied on rq_qos will call\n rq_qos_add() and blkcg_activate_policy(), and if rq_qos_exit() is\n called in the middle, null-ptr-dereference will be triggered in\n blkcg_activate_policy().\n\n3) blkg_conf_open_bdev() can call blkdev_get_no_open() first to find the\n disk, then if rq_qos_exit() from del_gendisk() is done before\n rq_qos_add(), then memory will be leaked.\n\nThis patch add a new disk level mutex \u0027rq_qos_mutex\u0027:\n\n1) The lock will protect rq_qos_exit() directly.\n\n2) For wbt that doesn\u0027t relied on blk-cgroup, rq_qos_add() can only be\n called from disk initialization for now because wbt can\u0027t be\n destructed until rq_qos_exit(), so it\u0027s safe not to protect wbt for\n now. Hoever, in case that rq_qos dynamically destruction is supported\n in the furture, this patch also protect rq_qos_add() from wbt_init()\n directly, this is enough because blk-sysfs already synchronize\n writers with disk removal.\n\n3) For iocost and iolatency, in order to synchronize disk removal and\n cgroup configuration, the lock is held after blkdev_get_no_open()\n from blkg_conf_open_bdev(), and is released in blkg_conf_exit().\n In order to fix the above memory leak, disk_live() is checked after\n holding the new lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53823",
"url": "https://www.suse.com/security/cve/CVE-2023-53823"
},
{
"category": "external",
"summary": "SUSE Bug 1254691 for CVE-2023-53823",
"url": "https://bugzilla.suse.com/1254691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53823"
},
{
"cve": "CVE-2023-53825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().\n\nsyzkaller found a memory leak in kcm_sendmsg(), and commit c821a88bd720\n(\"kcm: Fix memory leak in error path of kcm_sendmsg()\") suppressed it by\nupdating kcm_tx_msg(head)-\u003elast_skb if partial data is copied so that the\nfollowing sendmsg() will resume from the skb.\n\nHowever, we cannot know how many bytes were copied when we get the error.\nThus, we could mess up the MSG_MORE queue.\n\nWhen kcm_sendmsg() fails for SOCK_DGRAM, we should purge the queue as we\ndo so for UDP by udp_flush_pending_frames().\n\nEven without this change, when the error occurred, the following sendmsg()\nresumed from a wrong skb and the queue was messed up. However, we have\nyet to get such a report, and only syzkaller stumbled on it. So, this\ncan be changed safely.\n\nNote this does not change SOCK_SEQPACKET behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53825",
"url": "https://www.suse.com/security/cve/CVE-2023-53825"
},
{
"category": "external",
"summary": "SUSE Bug 1254707 for CVE-2023-53825",
"url": "https://bugzilla.suse.com/1254707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53825"
},
{
"cve": "CVE-2023-53828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor()\n\nKSAN reports use-after-free in hci_add_adv_monitor().\n\nWhile adding an adv monitor,\n hci_add_adv_monitor() calls -\u003e\n msft_add_monitor_pattern() calls -\u003e\n msft_add_monitor_sync() calls -\u003e\n msft_le_monitor_advertisement_cb() calls in an error case -\u003e\n hci_free_adv_monitor() which frees the *moniter.\n\nThis is referenced by bt_dev_dbg() in hci_add_adv_monitor().\n\nFix the bt_dev_dbg() by using handle instead of monitor-\u003ehandle.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53828",
"url": "https://www.suse.com/security/cve/CVE-2023-53828"
},
{
"category": "external",
"summary": "SUSE Bug 1254623 for CVE-2023-53828",
"url": "https://bugzilla.suse.com/1254623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53828"
},
{
"cve": "CVE-2023-53831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: read sk-\u003esk_family once in sk_mc_loop()\n\nsyzbot is playing with IPV6_ADDRFORM quite a lot these days,\nand managed to hit the WARN_ON_ONCE(1) in sk_mc_loop()\n\nWe have many more similar issues to fix.\n\nWARNING: CPU: 1 PID: 1593 at net/core/sock.c:782 sk_mc_loop+0x165/0x260\nModules linked in:\nCPU: 1 PID: 1593 Comm: kworker/1:3 Not tainted 6.1.40-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\nWorkqueue: events_power_efficient gc_worker\nRIP: 0010:sk_mc_loop+0x165/0x260 net/core/sock.c:782\nCode: 34 1b fd 49 81 c7 18 05 00 00 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 25 36 6d fd 4d 8b 37 eb 13 e8 db 33 1b fd \u003c0f\u003e 0b b3 01 eb 34 e8 d0 33 1b fd 45 31 f6 49 83 c6 38 4c 89 f0 48\nRSP: 0018:ffffc90000388530 EFLAGS: 00010246\nRAX: ffffffff846d9b55 RBX: 0000000000000011 RCX: ffff88814f884980\nRDX: 0000000000000102 RSI: ffffffff87ae5160 RDI: 0000000000000011\nRBP: ffffc90000388550 R08: 0000000000000003 R09: ffffffff846d9a65\nR10: 0000000000000002 R11: ffff88814f884980 R12: dffffc0000000000\nR13: ffff88810dbee000 R14: 0000000000000010 R15: ffff888150084000\nFS: 0000000000000000(0000) GS:ffff8881f6b00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000180 CR3: 000000014ee5b000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cIRQ\u003e\n[\u003cffffffff8507734f\u003e] ip6_finish_output2+0x33f/0x1ae0 net/ipv6/ip6_output.c:83\n[\u003cffffffff85062766\u003e] __ip6_finish_output net/ipv6/ip6_output.c:200 [inline]\n[\u003cffffffff85062766\u003e] ip6_finish_output+0x6c6/0xb10 net/ipv6/ip6_output.c:211\n[\u003cffffffff85061f8c\u003e] NF_HOOK_COND include/linux/netfilter.h:298 [inline]\n[\u003cffffffff85061f8c\u003e] ip6_output+0x2bc/0x3d0 net/ipv6/ip6_output.c:232\n[\u003cffffffff852071cf\u003e] dst_output include/net/dst.h:444 [inline]\n[\u003cffffffff852071cf\u003e] ip6_local_out+0x10f/0x140 net/ipv6/output_core.c:161\n[\u003cffffffff83618fb4\u003e] ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:483 [inline]\n[\u003cffffffff83618fb4\u003e] ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:529 [inline]\n[\u003cffffffff83618fb4\u003e] ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]\n[\u003cffffffff83618fb4\u003e] ipvlan_queue_xmit+0x1174/0x1be0 drivers/net/ipvlan/ipvlan_core.c:677\n[\u003cffffffff8361ddd9\u003e] ipvlan_start_xmit+0x49/0x100 drivers/net/ipvlan/ipvlan_main.c:229\n[\u003cffffffff84763fc0\u003e] netdev_start_xmit include/linux/netdevice.h:4925 [inline]\n[\u003cffffffff84763fc0\u003e] xmit_one net/core/dev.c:3644 [inline]\n[\u003cffffffff84763fc0\u003e] dev_hard_start_xmit+0x320/0x980 net/core/dev.c:3660\n[\u003cffffffff8494c650\u003e] sch_direct_xmit+0x2a0/0x9c0 net/sched/sch_generic.c:342\n[\u003cffffffff8494d883\u003e] qdisc_restart net/sched/sch_generic.c:407 [inline]\n[\u003cffffffff8494d883\u003e] __qdisc_run+0xb13/0x1e70 net/sched/sch_generic.c:415\n[\u003cffffffff8478c426\u003e] qdisc_run+0xd6/0x260 include/net/pkt_sched.h:125\n[\u003cffffffff84796eac\u003e] net_tx_action+0x7ac/0x940 net/core/dev.c:5247\n[\u003cffffffff858002bd\u003e] __do_softirq+0x2bd/0x9bd kernel/softirq.c:599\n[\u003cffffffff814c3fe8\u003e] invoke_softirq kernel/softirq.c:430 [inline]\n[\u003cffffffff814c3fe8\u003e] __irq_exit_rcu+0xc8/0x170 kernel/softirq.c:683\n[\u003cffffffff814c3f09\u003e] irq_exit_rcu+0x9/0x20 kernel/softirq.c:695",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53831",
"url": "https://www.suse.com/security/cve/CVE-2023-53831"
},
{
"category": "external",
"summary": "SUSE Bug 1254701 for CVE-2023-53831",
"url": "https://bugzilla.suse.com/1254701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53831"
},
{
"cve": "CVE-2023-53834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ina2xx: avoid NULL pointer dereference on OF device match\n\nThe affected lines were resulting in a NULL pointer dereference on our\nplatform because the device tree contained the following list of\ncompatible strings:\n\n power-sensor@40 {\n compatible = \"ti,ina232\", \"ti,ina231\";\n ...\n };\n\nSince the driver doesn\u0027t declare a compatible string \"ti,ina232\", the OF\nmatching succeeds on \"ti,ina231\". But the I2C device ID info is\npopulated via the first compatible string, cf. modalias population in\nof_i2c_get_board_info(). Since there is no \"ina232\" entry in the legacy\nI2C device ID table either, the struct i2c_device_id *id pointer in the\nprobe function is NULL.\n\nFix this by using the already populated type variable instead, which\npoints to the proper driver data. Since the name is also wanted, add a\ngeneric one to the ina2xx_config table.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53834",
"url": "https://www.suse.com/security/cve/CVE-2023-53834"
},
{
"category": "external",
"summary": "SUSE Bug 1254660 for CVE-2023-53834",
"url": "https://bugzilla.suse.com/1254660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53834"
},
{
"cve": "CVE-2023-53836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53836"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix skb refcnt race after locking changes\n\nThere is a race where skb\u0027s from the sk_psock_backlog can be referenced\nafter userspace side has already skb_consumed() the sk_buff and its refcnt\ndropped to zer0 causing use after free.\n\nThe flow is the following:\n\n while ((skb = skb_peek(\u0026psock-\u003eingress_skb))\n sk_psock_handle_Skb(psock, skb, ..., ingress)\n if (!ingress) ...\n sk_psock_skb_ingress\n sk_psock_skb_ingress_enqueue(skb)\n msg-\u003eskb = skb\n sk_psock_queue_msg(psock, msg)\n skb_dequeue(\u0026psock-\u003eingress_skb)\n\nThe sk_psock_queue_msg() puts the msg on the ingress_msg queue. This is\nwhat the application reads when recvmsg() is called. An application can\nread this anytime after the msg is placed on the queue. The recvmsg hook\nwill also read msg-\u003eskb and then after user space reads the msg will call\nconsume_skb(skb) on it effectively free\u0027ing it.\n\nBut, the race is in above where backlog queue still has a reference to\nthe skb and calls skb_dequeue(). If the skb_dequeue happens after the\nuser reads and free\u0027s the skb we have a use after free.\n\nThe !ingress case does not suffer from this problem because it uses\nsendmsg_*(sk, msg) which does not pass the sk_buff further down the\nstack.\n\nThe following splat was observed with \u0027test_progs -t sockmap_listen\u0027:\n\n [ 1022.710250][ T2556] general protection fault, ...\n [...]\n [ 1022.712830][ T2556] Workqueue: events sk_psock_backlog\n [ 1022.713262][ T2556] RIP: 0010:skb_dequeue+0x4c/0x80\n [ 1022.713653][ T2556] Code: ...\n [...]\n [ 1022.720699][ T2556] Call Trace:\n [ 1022.720984][ T2556] \u003cTASK\u003e\n [ 1022.721254][ T2556] ? die_addr+0x32/0x80^M\n [ 1022.721589][ T2556] ? exc_general_protection+0x25a/0x4b0\n [ 1022.722026][ T2556] ? asm_exc_general_protection+0x22/0x30\n [ 1022.722489][ T2556] ? skb_dequeue+0x4c/0x80\n [ 1022.722854][ T2556] sk_psock_backlog+0x27a/0x300\n [ 1022.723243][ T2556] process_one_work+0x2a7/0x5b0\n [ 1022.723633][ T2556] worker_thread+0x4f/0x3a0\n [ 1022.723998][ T2556] ? __pfx_worker_thread+0x10/0x10\n [ 1022.724386][ T2556] kthread+0xfd/0x130\n [ 1022.724709][ T2556] ? __pfx_kthread+0x10/0x10\n [ 1022.725066][ T2556] ret_from_fork+0x2d/0x50\n [ 1022.725409][ T2556] ? __pfx_kthread+0x10/0x10\n [ 1022.725799][ T2556] ret_from_fork_asm+0x1b/0x30\n [ 1022.726201][ T2556] \u003c/TASK\u003e\n\nTo fix we add an skb_get() before passing the skb to be enqueued in the\nengress queue. This bumps the skb-\u003eusers refcnt so that consume_skb()\nand kfree_skb will not immediately free the sk_buff. With this we can\nbe sure the skb is still around when we do the dequeue. Then we just\nneed to decrement the refcnt or free the skb in the backlog case which\nwe do by calling kfree_skb() on the ingress case as well as the sendmsg\ncase.\n\nBefore locking change from fixes tag we had the sock locked so we\ncouldn\u0027t race with user and there was no issue here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53836",
"url": "https://www.suse.com/security/cve/CVE-2023-53836"
},
{
"category": "external",
"summary": "SUSE Bug 1254693 for CVE-2023-53836",
"url": "https://bugzilla.suse.com/1254693"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53836"
},
{
"cve": "CVE-2023-53839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53839"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndccp: fix data-race around dp-\u003edccps_mss_cache\n\ndccp_sendmsg() reads dp-\u003edccps_mss_cache before locking the socket.\nSame thing in do_dccp_getsockopt().\n\nAdd READ_ONCE()/WRITE_ONCE() annotations,\nand change dccp_sendmsg() to check again dccps_mss_cache\nafter socket is locked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53839",
"url": "https://www.suse.com/security/cve/CVE-2023-53839"
},
{
"category": "external",
"summary": "SUSE Bug 1254655 for CVE-2023-53839",
"url": "https://bugzilla.suse.com/1254655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53839"
},
{
"cve": "CVE-2023-53841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevlink: report devlink_port_type_warn source device\n\ndevlink_port_type_warn is scheduled for port devlink and warning\nwhen the port type is not set. But from this warning it is not easy\nfound out which device (driver) has no devlink port set.\n\n[ 3709.975552] Type was not set for devlink port.\n[ 3709.975579] WARNING: CPU: 1 PID: 13092 at net/devlink/leftover.c:6775 devlink_port_type_warn+0x11/0x20\n[ 3709.993967] Modules linked in: openvswitch nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nfnetlink bluetooth rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs vhost_net vhost vhost_iotlb tap tun bridge stp llc qrtr intel_rapl_msr intel_rapl_common i10nm_edac nfit libnvdimm x86_pkg_temp_thermal mlx5_ib intel_powerclamp coretemp dell_wmi ledtrig_audio sparse_keymap ipmi_ssif kvm_intel ib_uverbs rfkill ib_core video kvm iTCO_wdt acpi_ipmi intel_vsec irqbypass ipmi_si iTCO_vendor_support dcdbas ipmi_devintf mei_me ipmi_msghandler rapl mei intel_cstate isst_if_mmio isst_if_mbox_pci dell_smbios intel_uncore isst_if_common i2c_i801 dell_wmi_descriptor wmi_bmof i2c_smbus intel_pch_thermal pcspkr acpi_power_meter xfs libcrc32c sd_mod sg nvme_tcp mgag200 i2c_algo_bit nvme_fabrics drm_shmem_helper drm_kms_helper nvme syscopyarea ahci sysfillrect sysimgblt nvme_core fb_sys_fops crct10dif_pclmul libahci mlx5_core sfc crc32_pclmul nvme_common drm\n[ 3709.994030] crc32c_intel mtd t10_pi mlxfw libata tg3 mdio megaraid_sas psample ghash_clmulni_intel pci_hyperv_intf wmi dm_multipath sunrpc dm_mirror dm_region_hash dm_log dm_mod be2iscsi bnx2i cnic uio cxgb4i cxgb4 tls libcxgbi libcxgb qla4xxx iscsi_boot_sysfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi fuse\n[ 3710.108431] CPU: 1 PID: 13092 Comm: kworker/1:1 Kdump: loaded Not tainted 5.14.0-319.el9.x86_64 #1\n[ 3710.108435] Hardware name: Dell Inc. PowerEdge R750/0PJ80M, BIOS 1.8.2 09/14/2022\n[ 3710.108437] Workqueue: events devlink_port_type_warn\n[ 3710.108440] RIP: 0010:devlink_port_type_warn+0x11/0x20\n[ 3710.108443] Code: 84 76 fe ff ff 48 c7 03 20 0e 1a ad 31 c0 e9 96 fd ff ff 66 0f 1f 44 00 00 0f 1f 44 00 00 48 c7 c7 18 24 4e ad e8 ef 71 62 ff \u003c0f\u003e 0b c3 cc cc cc cc 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f6 87\n[ 3710.108445] RSP: 0018:ff3b6d2e8b3c7e90 EFLAGS: 00010282\n[ 3710.108447] RAX: 0000000000000000 RBX: ff366d6580127080 RCX: 0000000000000027\n[ 3710.108448] RDX: 0000000000000027 RSI: 00000000ffff86de RDI: ff366d753f41f8c8\n[ 3710.108449] RBP: ff366d658ff5a0c0 R08: ff366d753f41f8c0 R09: ff3b6d2e8b3c7e18\n[ 3710.108450] R10: 0000000000000001 R11: 0000000000000023 R12: ff366d753f430600\n[ 3710.108451] R13: ff366d753f436900 R14: 0000000000000000 R15: ff366d753f436905\n[ 3710.108452] FS: 0000000000000000(0000) GS:ff366d753f400000(0000) knlGS:0000000000000000\n[ 3710.108453] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 3710.108454] CR2: 00007f1c57bc74e0 CR3: 000000111d26a001 CR4: 0000000000773ee0\n[ 3710.108456] PKRU: 55555554\n[ 3710.108457] Call Trace:\n[ 3710.108458] \u003cTASK\u003e\n[ 3710.108459] process_one_work+0x1e2/0x3b0\n[ 3710.108466] ? rescuer_thread+0x390/0x390\n[ 3710.108468] worker_thread+0x50/0x3a0\n[ 3710.108471] ? rescuer_thread+0x390/0x390\n[ 3710.108473] kthread+0xdd/0x100\n[ 3710.108477] ? kthread_complete_and_exit+0x20/0x20\n[ 3710.108479] ret_from_fork+0x1f/0x30\n[ 3710.108485] \u003c/TASK\u003e\n[ 3710.108486] ---[ end trace 1b4b23cd0c65d6a0 ]---\n\nAfter patch:\n[ 402.473064] ice 0000:41:00.0: Type was not set for devlink port.\n[ 402.473064] ice 0000:41:00.1: Type was not set for devlink port.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53841",
"url": "https://www.suse.com/security/cve/CVE-2023-53841"
},
{
"category": "external",
"summary": "SUSE Bug 1255009 for CVE-2023-53841",
"url": "https://bugzilla.suse.com/1255009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "low"
}
],
"title": "CVE-2023-53841"
},
{
"cve": "CVE-2023-53842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53842"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove\n\nThe MBHC resources must be released on component probe failure and\nremoval so can not be tied to the lifetime of the component device.\n\nThis is specifically needed to allow probe deferrals of the sound card\nwhich otherwise fails when reprobing the codec component:\n\n snd-sc8280xp sound: ASoC: failed to instantiate card -517\n genirq: Flags mismatch irq 299. 00002001 (mbhc sw intr) vs. 00002001 (mbhc sw intr)\n wcd938x_codec audio-codec: Failed to request mbhc interrupts -16\n wcd938x_codec audio-codec: mbhc initialization failed\n wcd938x_codec audio-codec: ASoC: error at snd_soc_component_probe on audio-codec: -16\n snd-sc8280xp sound: ASoC: failed to instantiate card -16",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53842",
"url": "https://www.suse.com/security/cve/CVE-2023-53842"
},
{
"category": "external",
"summary": "SUSE Bug 1254690 for CVE-2023-53842",
"url": "https://bugzilla.suse.com/1254690"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53842"
},
{
"cve": "CVE-2023-53843",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53843"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: reject negative ifindex\n\nRecent changes in net-next (commit 759ab1edb56c (\"net: store netdevs\nin an xarray\")) refactored the handling of pre-assigned ifindexes\nand let syzbot surface a latent problem in ovs. ovs does not validate\nifindex, making it possible to create netdev ports with negative\nifindex values. It\u0027s easy to repro with YNL:\n\n$ ./cli.py --spec netlink/specs/ovs_datapath.yaml \\\n --do new \\\n\t --json \u0027{\"upcall-pid\": 1, \"name\":\"my-dp\"}\u0027\n$ ./cli.py --spec netlink/specs/ovs_vport.yaml \\\n\t --do new \\\n\t --json \u0027{\"upcall-pid\": \"00000001\", \"name\": \"some-port0\", \"dp-ifindex\":3,\"ifindex\":4294901760,\"type\":2}\u0027\n\n$ ip link show\n-65536: some-port0: \u003cBROADCAST,MULTICAST\u003e mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000\n link/ether 7a:48:21:ad:0b:fb brd ff:ff:ff:ff:ff:ff\n...\n\nValidate the inputs. Now the second command correctly returns:\n\n$ ./cli.py --spec netlink/specs/ovs_vport.yaml \\\n\t --do new \\\n\t --json \u0027{\"upcall-pid\": \"00000001\", \"name\": \"some-port0\", \"dp-ifindex\":3,\"ifindex\":4294901760,\"type\":2}\u0027\n\nlib.ynl.NlError: Netlink error: Numerical result out of range\nnl_len = 108 (92) nl_flags = 0x300 nl_type = 2\n\terror: -34\textack: {\u0027msg\u0027: \u0027integer out of range\u0027, \u0027unknown\u0027: [[type:4 len:36] b\u0027\\x0c\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x00\\x03\\x00\\xff\\xff\\xff\\x7f\\x00\\x00\\x00\\x00\\x08\\x00\\x01\\x00\\x08\\x00\\x00\\x00\u0027], \u0027bad-attr\u0027: \u0027.ifindex\u0027}\n\nAccept 0 since it used to be silently ignored.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53843",
"url": "https://www.suse.com/security/cve/CVE-2023-53843"
},
{
"category": "external",
"summary": "SUSE Bug 1254705 for CVE-2023-53843",
"url": "https://bugzilla.suse.com/1254705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53843"
},
{
"cve": "CVE-2023-53844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53844"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ttm: Don\u0027t leak a resource on swapout move error\n\nIf moving the bo to system for swapout failed, we were leaking\na resource. Fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53844",
"url": "https://www.suse.com/security/cve/CVE-2023-53844"
},
{
"category": "external",
"summary": "SUSE Bug 1254649 for CVE-2023-53844",
"url": "https://bugzilla.suse.com/1254649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53844"
},
{
"cve": "CVE-2023-53846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on direct node in truncate_dnode()\n\nsyzbot reports below bug:\n\nBUG: KASAN: slab-use-after-free in f2fs_truncate_data_blocks_range+0x122a/0x14c0 fs/f2fs/file.c:574\nRead of size 4 at addr ffff88802a25c000 by task syz-executor148/5000\n\nCPU: 1 PID: 5000 Comm: syz-executor148 Not tainted 6.4.0-rc7-syzkaller-00041-ge660abd551f1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106\n print_address_description.constprop.0+0x2c/0x3c0 mm/kasan/report.c:351\n print_report mm/kasan/report.c:462 [inline]\n kasan_report+0x11c/0x130 mm/kasan/report.c:572\n f2fs_truncate_data_blocks_range+0x122a/0x14c0 fs/f2fs/file.c:574\n truncate_dnode+0x229/0x2e0 fs/f2fs/node.c:944\n f2fs_truncate_inode_blocks+0x64b/0xde0 fs/f2fs/node.c:1154\n f2fs_do_truncate_blocks+0x4ac/0xf30 fs/f2fs/file.c:721\n f2fs_truncate_blocks+0x7b/0x300 fs/f2fs/file.c:749\n f2fs_truncate.part.0+0x4a5/0x630 fs/f2fs/file.c:799\n f2fs_truncate include/linux/fs.h:825 [inline]\n f2fs_setattr+0x1738/0x2090 fs/f2fs/file.c:1006\n notify_change+0xb2c/0x1180 fs/attr.c:483\n do_truncate+0x143/0x200 fs/open.c:66\n handle_truncate fs/namei.c:3295 [inline]\n do_open fs/namei.c:3640 [inline]\n path_openat+0x2083/0x2750 fs/namei.c:3791\n do_filp_open+0x1ba/0x410 fs/namei.c:3818\n do_sys_openat2+0x16d/0x4c0 fs/open.c:1356\n do_sys_open fs/open.c:1372 [inline]\n __do_sys_creat fs/open.c:1448 [inline]\n __se_sys_creat fs/open.c:1442 [inline]\n __x64_sys_creat+0xcd/0x120 fs/open.c:1442\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe root cause is, inodeA references inodeB via inodeB\u0027s ino, once inodeA\nis truncated, it calls truncate_dnode() to truncate data blocks in inodeB\u0027s\nnode page, it traverse mapping data from node-\u003ei.i_addr[0] to\nnode-\u003ei.i_addr[ADDRS_PER_BLOCK() - 1], result in out-of-boundary access.\n\nThis patch fixes to add sanity check on dnode page in truncate_dnode(),\nso that, it can help to avoid triggering such issue, and once it encounters\nsuch issue, it will record newly introduced ERROR_INVALID_NODE_REFERENCE\nerror into superblock, later fsck can detect such issue and try repairing.\n\nAlso, it removes f2fs_truncate_data_blocks() for cleanup due to the\nfunction has only one caller, and uses f2fs_truncate_data_blocks_range()\ninstead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53846",
"url": "https://www.suse.com/security/cve/CVE-2023-53846"
},
{
"category": "external",
"summary": "SUSE Bug 1254983 for CVE-2023-53846",
"url": "https://bugzilla.suse.com/1254983"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53846"
},
{
"cve": "CVE-2023-53847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb-storage: alauda: Fix uninit-value in alauda_check_media()\n\nSyzbot got KMSAN to complain about access to an uninitialized value in\nthe alauda subdriver of usb-storage:\n\nBUG: KMSAN: uninit-value in alauda_transport+0x462/0x57f0\ndrivers/usb/storage/alauda.c:1137\nCPU: 0 PID: 12279 Comm: usb-storage Not tainted 5.3.0-rc7+ #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS\nGoogle 01/01/2011\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x191/0x1f0 lib/dump_stack.c:113\n kmsan_report+0x13a/0x2b0 mm/kmsan/kmsan_report.c:108\n __msan_warning+0x73/0xe0 mm/kmsan/kmsan_instr.c:250\n alauda_check_media+0x344/0x3310 drivers/usb/storage/alauda.c:460\n\nThe problem is that alauda_check_media() doesn\u0027t verify that its USB\ntransfer succeeded before trying to use the received data. What\nshould happen if the transfer fails isn\u0027t entirely clear, but a\nreasonably conservative approach is to pretend that no media is\npresent.\n\nA similar problem exists in a usb_stor_dbg() call in\nalauda_get_media_status(). In this case, when an error occurs the\ncall is redundant, because usb_stor_ctrl_transfer() already will print\na debugging message.\n\nFinally, unrelated to the uninitialized memory access, is the fact\nthat alauda_check_media() performs DMA to a buffer on the stack.\nFortunately usb-storage provides a general purpose DMA-able buffer for\nuses like this. We\u0027ll use it instead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53847",
"url": "https://www.suse.com/security/cve/CVE-2023-53847"
},
{
"category": "external",
"summary": "SUSE Bug 1254698 for CVE-2023-53847",
"url": "https://bugzilla.suse.com/1254698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53847"
},
{
"cve": "CVE-2023-53848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5-cache: fix a deadlock in r5l_exit_log()\n\nCommit b13015af94cf (\"md/raid5-cache: Clear conf-\u003elog after finishing\nwork\") introduce a new problem:\n\n// caller hold reconfig_mutex\nr5l_exit_log\n flush_work(\u0026log-\u003edisable_writeback_work)\n\t\t\tr5c_disable_writeback_async\n\t\t\t wait_event\n\t\t\t /*\n\t\t\t * conf-\u003elog is not NULL, and mddev_trylock()\n\t\t\t * will fail, wait_event() can never pass.\n\t\t\t */\n conf-\u003elog = NULL\n\nFix this problem by setting \u0027config-\u003elog\u0027 to NULL before wake_up() as it\nused to be, so that wait_event() from r5c_disable_writeback_async() can\nexist. In the meantime, move forward md_unregister_thread() so that\nnull-ptr-deref this commit fixed can still be fixed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53848",
"url": "https://www.suse.com/security/cve/CVE-2023-53848"
},
{
"category": "external",
"summary": "SUSE Bug 1254753 for CVE-2023-53848",
"url": "https://bugzilla.suse.com/1254753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53848"
},
{
"cve": "CVE-2023-53850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: use internal state to free traffic IRQs\n\nIf the system tries to close the netdev while iavf_reset_task() is\nrunning, __LINK_STATE_START will be cleared and netif_running() will\nreturn false in iavf_reinit_interrupt_scheme(). This will result in\niavf_free_traffic_irqs() not being called and a leak as follows:\n\n [7632.489326] remove_proc_entry: removing non-empty directory \u0027irq/999\u0027, leaking at least \u0027iavf-enp24s0f0v0-TxRx-0\u0027\n [7632.490214] WARNING: CPU: 0 PID: 10 at fs/proc/generic.c:718 remove_proc_entry+0x19b/0x1b0\n\nis shown when pci_disable_msix() is later called. Fix by using the\ninternal adapter state. The traffic IRQs will always exist if\nstate == __IAVF_RUNNING.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53850",
"url": "https://www.suse.com/security/cve/CVE-2023-53850"
},
{
"category": "external",
"summary": "SUSE Bug 1254677 for CVE-2023-53850",
"url": "https://bugzilla.suse.com/1254677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53850"
},
{
"cve": "CVE-2023-53851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dp: Drop aux devices together with DP controller\n\nUsing devres to depopulate the aux bus made sure that upon a probe\ndeferral the EDP panel device would be destroyed and recreated upon next\nattempt.\n\nBut the struct device which the devres is tied to is the DPUs\n(drm_dev-\u003edev), which may be happen after the DP controller is torn\ndown.\n\nIndications of this can be seen in the commonly seen EDID-hexdump full\nof zeros in the log, or the occasional/rare KASAN fault where the\npanel\u0027s attempt to read the EDID information causes a use after free on\nDP resources.\n\nIt\u0027s tempting to move the devres to the DP controller\u0027s struct device,\nbut the resources used by the device(s) on the aux bus are explicitly\ntorn down in the error path. The KASAN-reported use-after-free also\nremains, as the DP aux \"module\" explicitly frees its devres-allocated\nmemory in this code path.\n\nAs such, explicitly depopulate the aux bus in the error path, and in the\ncomponent unbind path, to avoid these issues.\n\nPatchwork: https://patchwork.freedesktop.org/patch/542163/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53851",
"url": "https://www.suse.com/security/cve/CVE-2023-53851"
},
{
"category": "external",
"summary": "SUSE Bug 1254695 for CVE-2023-53851",
"url": "https://bugzilla.suse.com/1254695"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53851"
},
{
"cve": "CVE-2023-53852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53852"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-core: fix memory leak in dhchap_secret_store\n\nFree dhchap_secret in nvme_ctrl_dhchap_secret_store() before we return\nfix following kmemleack:-\n\nunreferenced object 0xffff8886376ea800 (size 64):\n comm \"check\", pid 22048, jiffies 4344316705 (age 92.199s)\n hex dump (first 32 bytes):\n 44 48 48 43 2d 31 3a 30 30 3a 6e 78 72 35 4b 67 DHHC-1:00:nxr5Kg\n 75 58 34 75 6f 41 78 73 4a 61 34 63 2f 68 75 4c uX4uoAxsJa4c/huL\n backtrace:\n [\u003c0000000030ce5d4b\u003e] __kmalloc+0x4b/0x130\n [\u003c000000009be1cdc1\u003e] nvme_ctrl_dhchap_secret_store+0x8f/0x160 [nvme_core]\n [\u003c00000000ac06c96a\u003e] kernfs_fop_write_iter+0x12b/0x1c0\n [\u003c00000000437e7ced\u003e] vfs_write+0x2ba/0x3c0\n [\u003c00000000f9491baf\u003e] ksys_write+0x5f/0xe0\n [\u003c000000001c46513d\u003e] do_syscall_64+0x3b/0x90\n [\u003c00000000ecf348fe\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc\nunreferenced object 0xffff8886376eaf00 (size 64):\n comm \"check\", pid 22048, jiffies 4344316736 (age 92.168s)\n hex dump (first 32 bytes):\n 44 48 48 43 2d 31 3a 30 30 3a 6e 78 72 35 4b 67 DHHC-1:00:nxr5Kg\n 75 58 34 75 6f 41 78 73 4a 61 34 63 2f 68 75 4c uX4uoAxsJa4c/huL\n backtrace:\n [\u003c0000000030ce5d4b\u003e] __kmalloc+0x4b/0x130\n [\u003c000000009be1cdc1\u003e] nvme_ctrl_dhchap_secret_store+0x8f/0x160 [nvme_core]\n [\u003c00000000ac06c96a\u003e] kernfs_fop_write_iter+0x12b/0x1c0\n [\u003c00000000437e7ced\u003e] vfs_write+0x2ba/0x3c0\n [\u003c00000000f9491baf\u003e] ksys_write+0x5f/0xe0\n [\u003c000000001c46513d\u003e] do_syscall_64+0x3b/0x90\n [\u003c00000000ecf348fe\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53852",
"url": "https://www.suse.com/security/cve/CVE-2023-53852"
},
{
"category": "external",
"summary": "SUSE Bug 1254653 for CVE-2023-53852",
"url": "https://bugzilla.suse.com/1254653"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53852"
},
{
"cve": "CVE-2023-53855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: ocelot: call dsa_tag_8021q_unregister() under rtnl_lock() on driver remove\n\nWhen the tagging protocol in current use is \"ocelot-8021q\" and we unbind\nthe driver, we see this splat:\n\n$ echo \u00270000:00:00.2\u0027 \u003e /sys/bus/pci/drivers/fsl_enetc/unbind\nmscc_felix 0000:00:00.5 swp0: left promiscuous mode\nsja1105 spi2.0: Link is Down\nDSA: tree 1 torn down\nmscc_felix 0000:00:00.5 swp2: left promiscuous mode\nsja1105 spi2.2: Link is Down\nDSA: tree 3 torn down\nfsl_enetc 0000:00:00.2 eno2: left promiscuous mode\nmscc_felix 0000:00:00.5: Link is Down\n------------[ cut here ]------------\nRTNL: assertion failed at net/dsa/tag_8021q.c (409)\nWARNING: CPU: 1 PID: 329 at net/dsa/tag_8021q.c:409 dsa_tag_8021q_unregister+0x12c/0x1a0\nModules linked in:\nCPU: 1 PID: 329 Comm: bash Not tainted 6.5.0-rc3+ #771\npc : dsa_tag_8021q_unregister+0x12c/0x1a0\nlr : dsa_tag_8021q_unregister+0x12c/0x1a0\nCall trace:\n dsa_tag_8021q_unregister+0x12c/0x1a0\n felix_tag_8021q_teardown+0x130/0x150\n felix_teardown+0x3c/0xd8\n dsa_tree_teardown_switches+0xbc/0xe0\n dsa_unregister_switch+0x168/0x260\n felix_pci_remove+0x30/0x60\n pci_device_remove+0x4c/0x100\n device_release_driver_internal+0x188/0x288\n device_links_unbind_consumers+0xfc/0x138\n device_release_driver_internal+0xe0/0x288\n device_driver_detach+0x24/0x38\n unbind_store+0xd8/0x108\n drv_attr_store+0x30/0x50\n---[ end trace 0000000000000000 ]---\n------------[ cut here ]------------\nRTNL: assertion failed at net/8021q/vlan_core.c (376)\nWARNING: CPU: 1 PID: 329 at net/8021q/vlan_core.c:376 vlan_vid_del+0x1b8/0x1f0\nCPU: 1 PID: 329 Comm: bash Tainted: G W 6.5.0-rc3+ #771\npc : vlan_vid_del+0x1b8/0x1f0\nlr : vlan_vid_del+0x1b8/0x1f0\n dsa_tag_8021q_unregister+0x8c/0x1a0\n felix_tag_8021q_teardown+0x130/0x150\n felix_teardown+0x3c/0xd8\n dsa_tree_teardown_switches+0xbc/0xe0\n dsa_unregister_switch+0x168/0x260\n felix_pci_remove+0x30/0x60\n pci_device_remove+0x4c/0x100\n device_release_driver_internal+0x188/0x288\n device_links_unbind_consumers+0xfc/0x138\n device_release_driver_internal+0xe0/0x288\n device_driver_detach+0x24/0x38\n unbind_store+0xd8/0x108\n drv_attr_store+0x30/0x50\nDSA: tree 0 torn down\n\nThis was somewhat not so easy to spot, because \"ocelot-8021q\" is not the\ndefault tagging protocol, and thus, not everyone who tests the unbinding\npath may have switched to it beforehand. The default\nfelix_tag_npi_teardown() does not require rtnl_lock() to be held.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53855",
"url": "https://www.suse.com/security/cve/CVE-2023-53855"
},
{
"category": "external",
"summary": "SUSE Bug 1254688 for CVE-2023-53855",
"url": "https://bugzilla.suse.com/1254688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53855"
},
{
"cve": "CVE-2023-53856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: overlay: Call of_changeset_init() early\n\nWhen of_overlay_fdt_apply() fails, the changeset may be partially\napplied, and the caller is still expected to call of_overlay_remove() to\nclean up this partial state.\n\nHowever, of_overlay_apply() calls of_resolve_phandles() before\ninit_overlay_changeset(). Hence if the overlay fails to apply due to an\nunresolved symbol, the overlay_changeset.cset.entries list is still\nuninitialized, and cleanup will crash with a NULL-pointer dereference in\noverlay_removal_is_ok().\n\nFix this by moving the call to of_changeset_init() from\ninit_overlay_changeset() to of_overlay_fdt_apply(), where all other\nearly initialization is done.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53856",
"url": "https://www.suse.com/security/cve/CVE-2023-53856"
},
{
"category": "external",
"summary": "SUSE Bug 1254661 for CVE-2023-53856",
"url": "https://bugzilla.suse.com/1254661"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53856"
},
{
"cve": "CVE-2023-53857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53857"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: bpf_sk_storage: Fix invalid wait context lockdep report\n\n\u0027./test_progs -t test_local_storage\u0027 reported a splat:\n\n[ 27.137569] =============================\n[ 27.138122] [ BUG: Invalid wait context ]\n[ 27.138650] 6.5.0-03980-gd11ae1b16b0a #247 Tainted: G O\n[ 27.139542] -----------------------------\n[ 27.140106] test_progs/1729 is trying to lock:\n[ 27.140713] ffff8883ef047b88 (stock_lock){-.-.}-{3:3}, at: local_lock_acquire+0x9/0x130\n[ 27.141834] other info that might help us debug this:\n[ 27.142437] context-{5:5}\n[ 27.142856] 2 locks held by test_progs/1729:\n[ 27.143352] #0: ffffffff84bcd9c0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x40\n[ 27.144492] #1: ffff888107deb2c0 (\u0026storage-\u003elock){..-.}-{2:2}, at: bpf_local_storage_update+0x39e/0x8e0\n[ 27.145855] stack backtrace:\n[ 27.146274] CPU: 0 PID: 1729 Comm: test_progs Tainted: G O 6.5.0-03980-gd11ae1b16b0a #247\n[ 27.147550] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n[ 27.149127] Call Trace:\n[ 27.149490] \u003cTASK\u003e\n[ 27.149867] dump_stack_lvl+0x130/0x1d0\n[ 27.152609] dump_stack+0x14/0x20\n[ 27.153131] __lock_acquire+0x1657/0x2220\n[ 27.153677] lock_acquire+0x1b8/0x510\n[ 27.157908] local_lock_acquire+0x29/0x130\n[ 27.159048] obj_cgroup_charge+0xf4/0x3c0\n[ 27.160794] slab_pre_alloc_hook+0x28e/0x2b0\n[ 27.161931] __kmem_cache_alloc_node+0x51/0x210\n[ 27.163557] __kmalloc+0xaa/0x210\n[ 27.164593] bpf_map_kzalloc+0xbc/0x170\n[ 27.165147] bpf_selem_alloc+0x130/0x510\n[ 27.166295] bpf_local_storage_update+0x5aa/0x8e0\n[ 27.167042] bpf_fd_sk_storage_update_elem+0xdb/0x1a0\n[ 27.169199] bpf_map_update_value+0x415/0x4f0\n[ 27.169871] map_update_elem+0x413/0x550\n[ 27.170330] __sys_bpf+0x5e9/0x640\n[ 27.174065] __x64_sys_bpf+0x80/0x90\n[ 27.174568] do_syscall_64+0x48/0xa0\n[ 27.175201] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 27.175932] RIP: 0033:0x7effb40e41ad\n[ 27.176357] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d8\n[ 27.179028] RSP: 002b:00007ffe64c21fc8 EFLAGS: 00000202 ORIG_RAX: 0000000000000141\n[ 27.180088] RAX: ffffffffffffffda RBX: 00007ffe64c22768 RCX: 00007effb40e41ad\n[ 27.181082] RDX: 0000000000000020 RSI: 00007ffe64c22008 RDI: 0000000000000002\n[ 27.182030] RBP: 00007ffe64c21ff0 R08: 0000000000000000 R09: 00007ffe64c22788\n[ 27.183038] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000000\n[ 27.184006] R13: 00007ffe64c22788 R14: 00007effb42a1000 R15: 0000000000000000\n[ 27.184958] \u003c/TASK\u003e\n\nIt complains about acquiring a local_lock while holding a raw_spin_lock.\nIt means it should not allocate memory while holding a raw_spin_lock\nsince it is not safe for RT.\n\nraw_spin_lock is needed because bpf_local_storage supports tracing\ncontext. In particular for task local storage, it is easy to\nget a \"current\" task PTR_TO_BTF_ID in tracing bpf prog.\nHowever, task (and cgroup) local storage has already been moved to\nbpf mem allocator which can be used after raw_spin_lock.\n\nThe splat is for the sk storage. For sk (and inode) storage,\nit has not been moved to bpf mem allocator. Using raw_spin_lock or not,\nkzalloc(GFP_ATOMIC) could theoretically be unsafe in tracing context.\nHowever, the local storage helper requires a verifier accepted\nsk pointer (PTR_TO_BTF_ID), it is hypothetical if that (mean running\na bpf prog in a kzalloc unsafe context and also able to hold a verifier\naccepted sk pointer) could happen.\n\nThis patch avoids kzalloc after raw_spin_lock to silent the splat.\nThere is an existing kzalloc before the raw_spin_lock. At that point,\na kzalloc is very likely required because a lookup has just been done\nbefore. Thus, this patch always does the kzalloc before acq\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53857",
"url": "https://www.suse.com/security/cve/CVE-2023-53857"
},
{
"category": "external",
"summary": "SUSE Bug 1254648 for CVE-2023-53857",
"url": "https://bugzilla.suse.com/1254648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53857"
},
{
"cve": "CVE-2023-53858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error\n\nIf clk_get_rate() fails, the clk that has just been allocated needs to be\nfreed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53858",
"url": "https://www.suse.com/security/cve/CVE-2023-53858"
},
{
"category": "external",
"summary": "SUSE Bug 1254704 for CVE-2023-53858",
"url": "https://bugzilla.suse.com/1254704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53858"
},
{
"cve": "CVE-2023-53860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53860"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: don\u0027t attempt to queue IO under RCU protection\n\ndm looks up the table for IO based on the request type, with an\nassumption that if the request is marked REQ_NOWAIT, it\u0027s fine to\nattempt to submit that IO while under RCU read lock protection. This\nis not OK, as REQ_NOWAIT just means that we should not be sleeping\nwaiting on other IO, it does not mean that we can\u0027t potentially\nschedule.\n\nA simple test case demonstrates this quite nicely:\n\nint main(int argc, char *argv[])\n{\n struct iovec iov;\n int fd;\n\n fd = open(\"/dev/dm-0\", O_RDONLY | O_DIRECT);\n posix_memalign(\u0026iov.iov_base, 4096, 4096);\n iov.iov_len = 4096;\n preadv2(fd, \u0026iov, 1, 0, RWF_NOWAIT);\n return 0;\n}\n\nwhich will instantly spew:\n\nBUG: sleeping function called from invalid context at include/linux/sched/mm.h:306\nin_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5580, name: dm-nowait\npreempt_count: 0, expected: 0\nRCU nest depth: 1, expected: 0\nINFO: lockdep is turned off.\nCPU: 7 PID: 5580 Comm: dm-nowait Not tainted 6.6.0-rc1-g39956d2dcd81 #132\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x11d/0x1b0\n __might_resched+0x3c3/0x5e0\n ? preempt_count_sub+0x150/0x150\n mempool_alloc+0x1e2/0x390\n ? mempool_resize+0x7d0/0x7d0\n ? lock_sync+0x190/0x190\n ? lock_release+0x4b7/0x670\n ? internal_get_user_pages_fast+0x868/0x2d40\n bio_alloc_bioset+0x417/0x8c0\n ? bvec_alloc+0x200/0x200\n ? internal_get_user_pages_fast+0xb8c/0x2d40\n bio_alloc_clone+0x53/0x100\n dm_submit_bio+0x27f/0x1a20\n ? lock_release+0x4b7/0x670\n ? blk_try_enter_queue+0x1a0/0x4d0\n ? dm_dax_direct_access+0x260/0x260\n ? rcu_is_watching+0x12/0xb0\n ? blk_try_enter_queue+0x1cc/0x4d0\n __submit_bio+0x239/0x310\n ? __bio_queue_enter+0x700/0x700\n ? kvm_clock_get_cycles+0x40/0x60\n ? ktime_get+0x285/0x470\n submit_bio_noacct_nocheck+0x4d9/0xb80\n ? should_fail_request+0x80/0x80\n ? preempt_count_sub+0x150/0x150\n ? lock_release+0x4b7/0x670\n ? __bio_add_page+0x143/0x2d0\n ? iov_iter_revert+0x27/0x360\n submit_bio_noacct+0x53e/0x1b30\n submit_bio_wait+0x10a/0x230\n ? submit_bio_wait_endio+0x40/0x40\n __blkdev_direct_IO_simple+0x4f8/0x780\n ? blkdev_bio_end_io+0x4c0/0x4c0\n ? stack_trace_save+0x90/0xc0\n ? __bio_clone+0x3c0/0x3c0\n ? lock_release+0x4b7/0x670\n ? lock_sync+0x190/0x190\n ? atime_needs_update+0x3bf/0x7e0\n ? timestamp_truncate+0x21b/0x2d0\n ? inode_owner_or_capable+0x240/0x240\n blkdev_direct_IO.part.0+0x84a/0x1810\n ? rcu_is_watching+0x12/0xb0\n ? lock_release+0x4b7/0x670\n ? blkdev_read_iter+0x40d/0x530\n ? reacquire_held_locks+0x4e0/0x4e0\n ? __blkdev_direct_IO_simple+0x780/0x780\n ? rcu_is_watching+0x12/0xb0\n ? __mark_inode_dirty+0x297/0xd50\n ? preempt_count_add+0x72/0x140\n blkdev_read_iter+0x2a4/0x530\n do_iter_readv_writev+0x2f2/0x3c0\n ? generic_copy_file_range+0x1d0/0x1d0\n ? fsnotify_perm.part.0+0x25d/0x630\n ? security_file_permission+0xd8/0x100\n do_iter_read+0x31b/0x880\n ? import_iovec+0x10b/0x140\n vfs_readv+0x12d/0x1a0\n ? vfs_iter_read+0xb0/0xb0\n ? rcu_is_watching+0x12/0xb0\n ? rcu_is_watching+0x12/0xb0\n ? lock_release+0x4b7/0x670\n do_preadv+0x1b3/0x260\n ? do_readv+0x370/0x370\n __x64_sys_preadv2+0xef/0x150\n do_syscall_64+0x39/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f5af41ad806\nCode: 41 54 41 89 fc 55 44 89 c5 53 48 89 cb 48 83 ec 18 80 3d e4 dd 0d 00 00 74 7a 45 89 c1 49 89 ca 45 31 c0 b8 47 01 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 0f 87 be 00 00 00 48 85 c0 79 4a 48 8b 0d da 55\nRSP: 002b:00007ffd3145c7f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000147\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5af41ad806\nRDX: 0000000000000001 RSI: 00007ffd3145c850 RDI: 0000000000000003\nRBP: 0000000000000008 R08: 0000000000000000 R09: 0000000000000008\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003\nR13: 00007ffd3145c850 R14: 000055f5f0431dd8 R15: 0000000000000001\n \u003c/TASK\u003e\n\nwhere in fact it is\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53860",
"url": "https://www.suse.com/security/cve/CVE-2023-53860"
},
{
"category": "external",
"summary": "SUSE Bug 1254626 for CVE-2023-53860",
"url": "https://bugzilla.suse.com/1254626"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53860"
},
{
"cve": "CVE-2023-53861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: correct grp validation in ext4_mb_good_group\n\nGroup corruption check will access memory of grp and will trigger kernel\ncrash if grp is NULL. So do NULL check before corruption check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53861",
"url": "https://www.suse.com/security/cve/CVE-2023-53861"
},
{
"category": "external",
"summary": "SUSE Bug 1254678 for CVE-2023-53861",
"url": "https://bugzilla.suse.com/1254678"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53861"
},
{
"cve": "CVE-2023-53863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: do not hard code device address lenth in fdb dumps\n\nsyzbot reports that some netdev devices do not have a six bytes\naddress [1]\n\nReplace ETH_ALEN by dev-\u003eaddr_len.\n\n[1] (Case of a device where dev-\u003eaddr_len = 4)\n\nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak in copyout+0xb8/0x100 lib/iov_iter.c:169\ninstrument_copy_to_user include/linux/instrumented.h:114 [inline]\ncopyout+0xb8/0x100 lib/iov_iter.c:169\n_copy_to_iter+0x6d8/0x1d00 lib/iov_iter.c:536\ncopy_to_iter include/linux/uio.h:206 [inline]\nsimple_copy_to_iter+0x68/0xa0 net/core/datagram.c:513\n__skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:419\nskb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:527\nskb_copy_datagram_msg include/linux/skbuff.h:3960 [inline]\nnetlink_recvmsg+0x4ae/0x15a0 net/netlink/af_netlink.c:1970\nsock_recvmsg_nosec net/socket.c:1019 [inline]\nsock_recvmsg net/socket.c:1040 [inline]\n____sys_recvmsg+0x283/0x7f0 net/socket.c:2722\n___sys_recvmsg+0x223/0x840 net/socket.c:2764\ndo_recvmmsg+0x4f9/0xfd0 net/socket.c:2858\n__sys_recvmmsg net/socket.c:2937 [inline]\n__do_sys_recvmmsg net/socket.c:2960 [inline]\n__se_sys_recvmmsg net/socket.c:2953 [inline]\n__x64_sys_recvmmsg+0x397/0x490 net/socket.c:2953\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nUninit was stored to memory at:\n__nla_put lib/nlattr.c:1009 [inline]\nnla_put+0x1c6/0x230 lib/nlattr.c:1067\nnlmsg_populate_fdb_fill+0x2b8/0x600 net/core/rtnetlink.c:4071\nnlmsg_populate_fdb net/core/rtnetlink.c:4418 [inline]\nndo_dflt_fdb_dump+0x616/0x840 net/core/rtnetlink.c:4456\nrtnl_fdb_dump+0x14ff/0x1fc0 net/core/rtnetlink.c:4629\nnetlink_dump+0x9d1/0x1310 net/netlink/af_netlink.c:2268\nnetlink_recvmsg+0xc5c/0x15a0 net/netlink/af_netlink.c:1995\nsock_recvmsg_nosec+0x7a/0x120 net/socket.c:1019\n____sys_recvmsg+0x664/0x7f0 net/socket.c:2720\n___sys_recvmsg+0x223/0x840 net/socket.c:2764\ndo_recvmmsg+0x4f9/0xfd0 net/socket.c:2858\n__sys_recvmmsg net/socket.c:2937 [inline]\n__do_sys_recvmmsg net/socket.c:2960 [inline]\n__se_sys_recvmmsg net/socket.c:2953 [inline]\n__x64_sys_recvmmsg+0x397/0x490 net/socket.c:2953\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nUninit was created at:\nslab_post_alloc_hook+0x12d/0xb60 mm/slab.h:716\nslab_alloc_node mm/slub.c:3451 [inline]\n__kmem_cache_alloc_node+0x4ff/0x8b0 mm/slub.c:3490\nkmalloc_trace+0x51/0x200 mm/slab_common.c:1057\nkmalloc include/linux/slab.h:559 [inline]\n__hw_addr_create net/core/dev_addr_lists.c:60 [inline]\n__hw_addr_add_ex+0x2e5/0x9e0 net/core/dev_addr_lists.c:118\n__dev_mc_add net/core/dev_addr_lists.c:867 [inline]\ndev_mc_add+0x9a/0x130 net/core/dev_addr_lists.c:885\nigmp6_group_added+0x267/0xbc0 net/ipv6/mcast.c:680\nipv6_mc_up+0x296/0x3b0 net/ipv6/mcast.c:2754\nipv6_mc_remap+0x1e/0x30 net/ipv6/mcast.c:2708\naddrconf_type_change net/ipv6/addrconf.c:3731 [inline]\naddrconf_notify+0x4d3/0x1d90 net/ipv6/addrconf.c:3699\nnotifier_call_chain kernel/notifier.c:93 [inline]\nraw_notifier_call_chain+0xe4/0x430 kernel/notifier.c:461\ncall_netdevice_notifiers_info net/core/dev.c:1935 [inline]\ncall_netdevice_notifiers_extack net/core/dev.c:1973 [inline]\ncall_netdevice_notifiers+0x1ee/0x2d0 net/core/dev.c:1987\nbond_enslave+0xccd/0x53f0 drivers/net/bonding/bond_main.c:1906\ndo_set_master net/core/rtnetlink.c:2626 [inline]\nrtnl_newlink_create net/core/rtnetlink.c:3460 [inline]\n__rtnl_newlink net/core/rtnetlink.c:3660 [inline]\nrtnl_newlink+0x378c/0x40e0 net/core/rtnetlink.c:3673\nrtnetlink_rcv_msg+0x16a6/0x1840 net/core/rtnetlink.c:6395\nnetlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2546\nrtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6413\nnetlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]\nnetlink_unicast+0xf28/0x1230 net/netlink/af_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53863",
"url": "https://www.suse.com/security/cve/CVE-2023-53863"
},
{
"category": "external",
"summary": "SUSE Bug 1254657 for CVE-2023-53863",
"url": "https://bugzilla.suse.com/1254657"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53863"
},
{
"cve": "CVE-2023-53864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable()\n\nWhen disabling overlay plane in mxsfb_plane_overlay_atomic_update(),\noverlay plane\u0027s framebuffer pointer is NULL. So, dereferencing it would\ncause a kernel Oops(NULL pointer dereferencing). Fix the issue by\ndisabling overlay plane in mxsfb_plane_overlay_atomic_disable() instead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53864",
"url": "https://www.suse.com/security/cve/CVE-2023-53864"
},
{
"category": "external",
"summary": "SUSE Bug 1254754 for CVE-2023-53864",
"url": "https://bugzilla.suse.com/1254754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53864"
},
{
"cve": "CVE-2023-53865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53865"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix warning when putting transaction with qgroups enabled after abort\n\nIf we have a transaction abort with qgroups enabled we get a warning\ntriggered when doing the final put on the transaction, like this:\n\n [552.6789] ------------[ cut here ]------------\n [552.6815] WARNING: CPU: 4 PID: 81745 at fs/btrfs/transaction.c:144 btrfs_put_transaction+0x123/0x130 [btrfs]\n [552.6817] Modules linked in: btrfs blake2b_generic xor (...)\n [552.6819] CPU: 4 PID: 81745 Comm: btrfs-transacti Tainted: G W 6.4.0-rc6-btrfs-next-134+ #1\n [552.6819] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014\n [552.6819] RIP: 0010:btrfs_put_transaction+0x123/0x130 [btrfs]\n [552.6821] Code: bd a0 01 00 (...)\n [552.6821] RSP: 0018:ffffa168c0527e28 EFLAGS: 00010286\n [552.6821] RAX: ffff936042caed00 RBX: ffff93604a3eb448 RCX: 0000000000000000\n [552.6821] RDX: ffff93606421b028 RSI: ffffffff92ff0878 RDI: ffff93606421b010\n [552.6821] RBP: ffff93606421b000 R08: 0000000000000000 R09: ffffa168c0d07c20\n [552.6821] R10: 0000000000000000 R11: ffff93608dc52950 R12: ffffa168c0527e70\n [552.6821] R13: ffff93606421b000 R14: ffff93604a3eb420 R15: ffff93606421b028\n [552.6821] FS: 0000000000000000(0000) GS:ffff93675fb00000(0000) knlGS:0000000000000000\n [552.6821] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [552.6821] CR2: 0000558ad262b000 CR3: 000000014feda005 CR4: 0000000000370ee0\n [552.6822] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [552.6822] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n [552.6822] Call Trace:\n [552.6822] \u003cTASK\u003e\n [552.6822] ? __warn+0x80/0x130\n [552.6822] ? btrfs_put_transaction+0x123/0x130 [btrfs]\n [552.6824] ? report_bug+0x1f4/0x200\n [552.6824] ? handle_bug+0x42/0x70\n [552.6824] ? exc_invalid_op+0x14/0x70\n [552.6824] ? asm_exc_invalid_op+0x16/0x20\n [552.6824] ? btrfs_put_transaction+0x123/0x130 [btrfs]\n [552.6826] btrfs_cleanup_transaction+0xe7/0x5e0 [btrfs]\n [552.6828] ? _raw_spin_unlock_irqrestore+0x23/0x40\n [552.6828] ? try_to_wake_up+0x94/0x5e0\n [552.6828] ? __pfx_process_timeout+0x10/0x10\n [552.6828] transaction_kthread+0x103/0x1d0 [btrfs]\n [552.6830] ? __pfx_transaction_kthread+0x10/0x10 [btrfs]\n [552.6832] kthread+0xee/0x120\n [552.6832] ? __pfx_kthread+0x10/0x10\n [552.6832] ret_from_fork+0x29/0x50\n [552.6832] \u003c/TASK\u003e\n [552.6832] ---[ end trace 0000000000000000 ]---\n\nThis corresponds to this line of code:\n\n void btrfs_put_transaction(struct btrfs_transaction *transaction)\n {\n (...)\n WARN_ON(!RB_EMPTY_ROOT(\n \u0026transaction-\u003edelayed_refs.dirty_extent_root));\n (...)\n }\n\nThe warning happens because btrfs_qgroup_destroy_extent_records(), called\nin the transaction abort path, we free all entries from the rbtree\n\"dirty_extent_root\" with rbtree_postorder_for_each_entry_safe(), but we\ndon\u0027t actually empty the rbtree - it\u0027s still pointing to nodes that were\nfreed.\n\nSo set the rbtree\u0027s root node to NULL to avoid this warning (assign\nRB_ROOT).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53865",
"url": "https://www.suse.com/security/cve/CVE-2023-53865"
},
{
"category": "external",
"summary": "SUSE Bug 1254762 for CVE-2023-53865",
"url": "https://bugzilla.suse.com/1254762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53865"
},
{
"cve": "CVE-2023-53989",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53989"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: mm: fix VA-range sanity check\n\nBoth create_mapping_noalloc() and update_mapping_prot() sanity-check\ntheir \u0027virt\u0027 parameter, but the check itself doesn\u0027t make much sense.\nThe condition used today appears to be a historical accident.\n\nThe sanity-check condition:\n\n\tif ((virt \u003e= PAGE_END) \u0026\u0026 (virt \u003c VMALLOC_START)) {\n\t\t[ ... warning here ... ]\n\t\treturn;\n\t}\n\n... can only be true for the KASAN shadow region or the module region,\nand there\u0027s no reason to exclude these specifically for creating and\nupdateing mappings.\n\nWhen arm64 support was first upstreamed in commit:\n\n c1cc1552616d0f35 (\"arm64: MMU initialisation\")\n\n... the condition was:\n\n\tif (virt \u003c VMALLOC_START) {\n\t\t[ ... warning here ... ]\n\t\treturn;\n\t}\n\nAt the time, VMALLOC_START was the lowest kernel address, and this was\nchecking whether \u0027virt\u0027 would be translated via TTBR1.\n\nSubsequently in commit:\n\n 14c127c957c1c607 (\"arm64: mm: Flip kernel VA space\")\n\n... the condition was changed to:\n\n\tif ((virt \u003e= VA_START) \u0026\u0026 (virt \u003c VMALLOC_START)) {\n\t\t[ ... warning here ... ]\n\t\treturn;\n\t}\n\nThis appear to have been a thinko. The commit moved the linear map to\nthe bottom of the kernel address space, with VMALLOC_START being at the\nhalfway point. The old condition would warn for changes to the linear\nmap below this, and at the time VA_START was the end of the linear map.\n\nSubsequently we cleaned up the naming of VA_START in commit:\n\n 77ad4ce69321abbe (\"arm64: memory: rename VA_START to PAGE_END\")\n\n... keeping the erroneous condition as:\n\n\tif ((virt \u003e= PAGE_END) \u0026\u0026 (virt \u003c VMALLOC_START)) {\n\t\t[ ... warning here ... ]\n\t\treturn;\n\t}\n\nCorrect the condition to check against the start of the TTBR1 address\nspace, which is currently PAGE_OFFSET. This simplifies the logic, and\nmore clearly matches the \"outside kernel range\" message in the warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53989",
"url": "https://www.suse.com/security/cve/CVE-2023-53989"
},
{
"category": "external",
"summary": "SUSE Bug 1256302 for CVE-2023-53989",
"url": "https://bugzilla.suse.com/1256302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53989"
},
{
"cve": "CVE-2023-53992",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53992"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: ocb: don\u0027t leave if not joined\n\nIf there\u0027s no OCB state, don\u0027t ask the driver/mac80211 to\nleave, since that\u0027s just confusing. Since set/clear the\nchandef state, that\u0027s a simple check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53992",
"url": "https://www.suse.com/security/cve/CVE-2023-53992"
},
{
"category": "external",
"summary": "SUSE Bug 1256058 for CVE-2023-53992",
"url": "https://bugzilla.suse.com/1256058"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53992"
},
{
"cve": "CVE-2023-53994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nionic: remove WARN_ON to prevent panic_on_warn\n\nRemove unnecessary early code development check and the WARN_ON\nthat it uses. The irq alloc and free paths have long been\ncleaned up and this check shouldn\u0027t have stuck around so long.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53994",
"url": "https://www.suse.com/security/cve/CVE-2023-53994"
},
{
"category": "external",
"summary": "SUSE Bug 1255570 for CVE-2023-53994",
"url": "https://bugzilla.suse.com/1255570"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53994"
},
{
"cve": "CVE-2023-53995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv4: fix one memleak in __inet_del_ifa()\n\nI got the below warning when do fuzzing test:\nunregister_netdevice: waiting for bond0 to become free. Usage count = 2\n\nIt can be repoduced via:\n\nip link add bond0 type bond\nsysctl -w net.ipv4.conf.bond0.promote_secondaries=1\nip addr add 4.117.174.103/0 scope 0x40 dev bond0\nip addr add 192.168.100.111/255.255.255.254 scope 0 dev bond0\nip addr add 0.0.0.4/0 scope 0x40 secondary dev bond0\nip addr del 4.117.174.103/0 scope 0x40 dev bond0\nip link delete bond0 type bond\n\nIn this reproduction test case, an incorrect \u0027last_prim\u0027 is found in\n__inet_del_ifa(), as a result, the secondary address(0.0.0.4/0 scope 0x40)\nis lost. The memory of the secondary address is leaked and the reference of\nin_device and net_device is leaked.\n\nFix this problem:\nLook for \u0027last_prim\u0027 starting at location of the deleted IP and inserting\nthe promoted IP into the location of \u0027last_prim\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53995",
"url": "https://www.suse.com/security/cve/CVE-2023-53995"
},
{
"category": "external",
"summary": "SUSE Bug 1255616 for CVE-2023-53995",
"url": "https://bugzilla.suse.com/1255616"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53995"
},
{
"cve": "CVE-2023-53996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sev: Make enc_dec_hypercall() accept a size instead of npages\n\nenc_dec_hypercall() accepted a page count instead of a size, which\nforced its callers to round up. As a result, non-page aligned\nvaddrs caused pages to be spuriously marked as decrypted via the\nencryption status hypercall, which in turn caused consistent\ncorruption of pages during live migration. Live migration requires\naccurate encryption status information to avoid migrating pages\nfrom the wrong perspective.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53996",
"url": "https://www.suse.com/security/cve/CVE-2023-53996"
},
{
"category": "external",
"summary": "SUSE Bug 1255618 for CVE-2023-53996",
"url": "https://bugzilla.suse.com/1255618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53996"
},
{
"cve": "CVE-2023-53997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: of: fix double-free on unregistration\n\nSince commit 3d439b1a2ad3 (\"thermal/core: Alloc-copy-free the thermal\nzone parameters structure\"), thermal_zone_device_register() allocates\na copy of the tzp argument and frees it when unregistering, so\nthermal_of_zone_register() now ends up leaking its original tzp and\ndouble-freeing the tzp copy. Fix this by locating tzp on stack instead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53997",
"url": "https://www.suse.com/security/cve/CVE-2023-53997"
},
{
"category": "external",
"summary": "SUSE Bug 1255632 for CVE-2023-53997",
"url": "https://bugzilla.suse.com/1255632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53997"
},
{
"cve": "CVE-2023-53998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53998"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwrng: virtio - Fix race on data_avail and actual data\n\nThe virtio rng device kicks off a new entropy request whenever the\ndata available reaches zero. When a new request occurs at the end\nof a read operation, that is, when the result of that request is\nonly needed by the next reader, then there is a race between the\nwriting of the new data and the next reader.\n\nThis is because there is no synchronisation whatsoever between the\nwriter and the reader.\n\nFix this by writing data_avail with smp_store_release and reading\nit with smp_load_acquire when we first enter read. The subsequent\nreads are safe because they\u0027re either protected by the first load\nacquire, or by the completion mechanism.\n\nAlso remove the redundant zeroing of data_idx in random_recv_done\n(data_idx must already be zero at this point) and data_avail in\nrequest_entropy (ditto).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53998",
"url": "https://www.suse.com/security/cve/CVE-2023-53998"
},
{
"category": "external",
"summary": "SUSE Bug 1255578 for CVE-2023-53998",
"url": "https://bugzilla.suse.com/1255578"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53998"
},
{
"cve": "CVE-2023-53999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53999"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: TC, Fix internal port memory leak\n\nThe flow rule can be splited, and the extra post_act rules are added\nto post_act table. It\u0027s possible to trigger memleak when the rule\nforwards packets from internal port and over tunnel, in the case that,\nfor example, CT \u0027new\u0027 state offload is allowed. As int_port object is\nassigned to the flow attribute of post_act rule, and its refcnt is\nincremented by mlx5e_tc_int_port_get(), but mlx5e_tc_int_port_put() is\nnot called, the refcnt is never decremented, then int_port is never\nfreed.\n\nThe kmemleak reports the following error:\nunreferenced object 0xffff888128204b80 (size 64):\n comm \"handler20\", pid 50121, jiffies 4296973009 (age 642.932s)\n hex dump (first 32 bytes):\n 01 00 00 00 19 00 00 00 03 f0 00 00 04 00 00 00 ................\n 98 77 67 41 81 88 ff ff 98 77 67 41 81 88 ff ff .wgA.....wgA....\n backtrace:\n [\u003c00000000e992680d\u003e] kmalloc_trace+0x27/0x120\n [\u003c000000009e945a98\u003e] mlx5e_tc_int_port_get+0x3f3/0xe20 [mlx5_core]\n [\u003c0000000035a537f0\u003e] mlx5e_tc_add_fdb_flow+0x473/0xcf0 [mlx5_core]\n [\u003c0000000070c2cec6\u003e] __mlx5e_add_fdb_flow+0x7cf/0xe90 [mlx5_core]\n [\u003c000000005cc84048\u003e] mlx5e_configure_flower+0xd40/0x4c40 [mlx5_core]\n [\u003c000000004f8a2031\u003e] mlx5e_rep_indr_offload.isra.0+0x10e/0x1c0 [mlx5_core]\n [\u003c000000007df797dc\u003e] mlx5e_rep_indr_setup_tc_cb+0x90/0x130 [mlx5_core]\n [\u003c0000000016c15cc3\u003e] tc_setup_cb_add+0x1cf/0x410\n [\u003c00000000a63305b4\u003e] fl_hw_replace_filter+0x38f/0x670 [cls_flower]\n [\u003c000000008bc9e77c\u003e] fl_change+0x1fd5/0x4430 [cls_flower]\n [\u003c00000000e7f766e4\u003e] tc_new_tfilter+0x867/0x2010\n [\u003c00000000e101c0ef\u003e] rtnetlink_rcv_msg+0x6fc/0x9f0\n [\u003c00000000e1111d44\u003e] netlink_rcv_skb+0x12c/0x360\n [\u003c0000000082dd6c8b\u003e] netlink_unicast+0x438/0x710\n [\u003c00000000fc568f70\u003e] netlink_sendmsg+0x794/0xc50\n [\u003c0000000016e92590\u003e] sock_sendmsg+0xc5/0x190\n\nSo fix this by moving int_port cleanup code to the flow attribute\nfree helper, which is used by all the attribute free cases.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53999",
"url": "https://www.suse.com/security/cve/CVE-2023-53999"
},
{
"category": "external",
"summary": "SUSE Bug 1255621 for CVE-2023-53999",
"url": "https://bugzilla.suse.com/1255621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53999"
},
{
"cve": "CVE-2023-54000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix deadlock issue when externel_lb and reset are executed together\n\nWhen externel_lb and reset are executed together, a deadlock may\noccur:\n[ 3147.217009] INFO: task kworker/u321:0:7 blocked for more than 120 seconds.\n[ 3147.230483] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 3147.238999] task:kworker/u321:0 state:D stack: 0 pid: 7 ppid: 2 flags:0x00000008\n[ 3147.248045] Workqueue: hclge hclge_service_task [hclge]\n[ 3147.253957] Call trace:\n[ 3147.257093] __switch_to+0x7c/0xbc\n[ 3147.261183] __schedule+0x338/0x6f0\n[ 3147.265357] schedule+0x50/0xe0\n[ 3147.269185] schedule_preempt_disabled+0x18/0x24\n[ 3147.274488] __mutex_lock.constprop.0+0x1d4/0x5dc\n[ 3147.279880] __mutex_lock_slowpath+0x1c/0x30\n[ 3147.284839] mutex_lock+0x50/0x60\n[ 3147.288841] rtnl_lock+0x20/0x2c\n[ 3147.292759] hclge_reset_prepare+0x68/0x90 [hclge]\n[ 3147.298239] hclge_reset_subtask+0x88/0xe0 [hclge]\n[ 3147.303718] hclge_reset_service_task+0x84/0x120 [hclge]\n[ 3147.309718] hclge_service_task+0x2c/0x70 [hclge]\n[ 3147.315109] process_one_work+0x1d0/0x490\n[ 3147.319805] worker_thread+0x158/0x3d0\n[ 3147.324240] kthread+0x108/0x13c\n[ 3147.328154] ret_from_fork+0x10/0x18\n\nIn externel_lb process, the hns3 driver call napi_disable()\nfirst, then the reset happen, then the restore process of the\nexternel_lb will fail, and will not call napi_enable(). When\ndoing externel_lb again, napi_disable() will be double call,\ncause a deadlock of rtnl_lock().\n\nThis patch use the HNS3_NIC_STATE_DOWN state to protect the\ncalling of napi_disable() and napi_enable() in externel_lb\nprocess, just as the usage in ndo_stop() and ndo_start().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54000",
"url": "https://www.suse.com/security/cve/CVE-2023-54000"
},
{
"category": "external",
"summary": "SUSE Bug 1255564 for CVE-2023-54000",
"url": "https://bugzilla.suse.com/1255564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54000"
},
{
"cve": "CVE-2023-54001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54001"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: r8712: Fix memory leak in _r8712_init_xmit_priv()\n\nIn the above mentioned routine, memory is allocated in several places.\nIf the first succeeds and a later one fails, the routine will leak memory.\nThis patch fixes commit 2865d42c78a9 (\"staging: r8712u: Add the new driver\nto the mainline kernel\"). A potential memory leak in\nr8712_xmit_resource_alloc() is also addressed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54001",
"url": "https://www.suse.com/security/cve/CVE-2023-54001"
},
{
"category": "external",
"summary": "SUSE Bug 1255628 for CVE-2023-54001",
"url": "https://bugzilla.suse.com/1255628"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54001"
},
{
"cve": "CVE-2023-54005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix memory leak in binder_init()\n\nIn binder_init(), the destruction of binder_alloc_shrinker_init() is not\nperformed in the wrong path, which will cause memory leaks. So this commit\nintroduces binder_alloc_shrinker_exit() and calls it in the wrong path to\nfix that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54005",
"url": "https://www.suse.com/security/cve/CVE-2023-54005"
},
{
"category": "external",
"summary": "SUSE Bug 1255629 for CVE-2023-54005",
"url": "https://bugzilla.suse.com/1255629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54005"
},
{
"cve": "CVE-2023-54006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix data-race around unix_tot_inflight.\n\nunix_tot_inflight is changed under spin_lock(unix_gc_lock), but\nunix_release_sock() reads it locklessly.\n\nLet\u0027s use READ_ONCE() for unix_tot_inflight.\n\nNote that the writer side was marked by commit 9d6d7f1cb67c (\"af_unix:\nannote lockless accesses to unix_tot_inflight \u0026 gc_in_progress\")\n\nBUG: KCSAN: data-race in unix_inflight / unix_release_sock\n\nwrite (marked) to 0xffffffff871852b8 of 4 bytes by task 123 on cpu 1:\n unix_inflight+0x130/0x180 net/unix/scm.c:64\n unix_attach_fds+0x137/0x1b0 net/unix/scm.c:123\n unix_scm_to_skb net/unix/af_unix.c:1832 [inline]\n unix_dgram_sendmsg+0x46a/0x14f0 net/unix/af_unix.c:1955\n sock_sendmsg_nosec net/socket.c:724 [inline]\n sock_sendmsg+0x148/0x160 net/socket.c:747\n ____sys_sendmsg+0x4e4/0x610 net/socket.c:2493\n ___sys_sendmsg+0xc6/0x140 net/socket.c:2547\n __sys_sendmsg+0x94/0x140 net/socket.c:2576\n __do_sys_sendmsg net/socket.c:2585 [inline]\n __se_sys_sendmsg net/socket.c:2583 [inline]\n __x64_sys_sendmsg+0x45/0x50 net/socket.c:2583\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nread to 0xffffffff871852b8 of 4 bytes by task 4891 on cpu 0:\n unix_release_sock+0x608/0x910 net/unix/af_unix.c:671\n unix_release+0x59/0x80 net/unix/af_unix.c:1058\n __sock_release+0x7d/0x170 net/socket.c:653\n sock_close+0x19/0x30 net/socket.c:1385\n __fput+0x179/0x5e0 fs/file_table.c:321\n ____fput+0x15/0x20 fs/file_table.c:349\n task_work_run+0x116/0x1a0 kernel/task_work.c:179\n resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]\n exit_to_user_mode_loop kernel/entry/common.c:171 [inline]\n exit_to_user_mode_prepare+0x174/0x180 kernel/entry/common.c:204\n __syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]\n syscall_exit_to_user_mode+0x1a/0x30 kernel/entry/common.c:297\n do_syscall_64+0x4b/0x90 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nvalue changed: 0x00000000 -\u003e 0x00000001\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 PID: 4891 Comm: systemd-coredum Not tainted 6.4.0-rc5-01219-gfa0e21fa4443 #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54006",
"url": "https://www.suse.com/security/cve/CVE-2023-54006"
},
{
"category": "external",
"summary": "SUSE Bug 1255591 for CVE-2023-54006",
"url": "https://bugzilla.suse.com/1255591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54006"
},
{
"cve": "CVE-2023-54008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_vdpa: build affinity masks conditionally\n\nWe try to build affinity mask via create_affinity_masks()\nunconditionally which may lead several issues:\n\n- the affinity mask is not used for parent without affinity support\n (only VDUSE support the affinity now)\n- the logic of create_affinity_masks() might not work for devices\n other than block. For example it\u0027s not rare in the networking device\n where the number of queues could exceed the number of CPUs. Such\n case breaks the current affinity logic which is based on\n group_cpus_evenly() who assumes the number of CPUs are not less than\n the number of groups. This can trigger a warning[1]:\n\n\tif (ret \u003e= 0)\n\t\tWARN_ON(nr_present + nr_others \u003c numgrps);\n\nFixing this by only build the affinity masks only when\n\n- Driver passes affinity descriptor, driver like virtio-blk can make\n sure to limit the number of queues when it exceeds the number of CPUs\n- Parent support affinity setting config ops\n\nThis help to avoid the warning. More optimizations could be done on\ntop.\n\n[1]\n[ 682.146655] WARNING: CPU: 6 PID: 1550 at lib/group_cpus.c:400 group_cpus_evenly+0x1aa/0x1c0\n[ 682.146668] CPU: 6 PID: 1550 Comm: vdpa Not tainted 6.5.0-rc5jason+ #79\n[ 682.146671] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014\n[ 682.146673] RIP: 0010:group_cpus_evenly+0x1aa/0x1c0\n[ 682.146676] Code: 4c 89 e0 5b 5d 41 5c 41 5d 41 5e c3 cc cc cc cc e8 1b c4 74 ff 48 89 ef e8 13 ac 98 ff 4c 89 e7 45 31 e4 e8 08 ac 98 ff eb c2 \u003c0f\u003e 0b eb b6 e8 fd 05 c3 00 45 31 e4 eb e5 cc cc cc cc cc cc cc cc\n[ 682.146679] RSP: 0018:ffffc9000215f498 EFLAGS: 00010293\n[ 682.146682] RAX: 000000000001f1e0 RBX: 0000000000000041 RCX: 0000000000000000\n[ 682.146684] RDX: ffff888109922058 RSI: 0000000000000041 RDI: 0000000000000030\n[ 682.146686] RBP: ffff888109922058 R08: ffffc9000215f498 R09: ffffc9000215f4a0\n[ 682.146687] R10: 00000000000198d0 R11: 0000000000000030 R12: ffff888107e02800\n[ 682.146689] R13: 0000000000000030 R14: 0000000000000030 R15: 0000000000000041\n[ 682.146692] FS: 00007fef52315740(0000) GS:ffff888237380000(0000) knlGS:0000000000000000\n[ 682.146695] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 682.146696] CR2: 00007fef52509000 CR3: 0000000110dbc004 CR4: 0000000000370ee0\n[ 682.146698] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 682.146700] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 682.146701] Call Trace:\n[ 682.146703] \u003cTASK\u003e\n[ 682.146705] ? __warn+0x7b/0x130\n[ 682.146709] ? group_cpus_evenly+0x1aa/0x1c0\n[ 682.146712] ? report_bug+0x1c8/0x1e0\n[ 682.146717] ? handle_bug+0x3c/0x70\n[ 682.146721] ? exc_invalid_op+0x14/0x70\n[ 682.146723] ? asm_exc_invalid_op+0x16/0x20\n[ 682.146727] ? group_cpus_evenly+0x1aa/0x1c0\n[ 682.146729] ? group_cpus_evenly+0x15c/0x1c0\n[ 682.146731] create_affinity_masks+0xaf/0x1a0\n[ 682.146735] virtio_vdpa_find_vqs+0x83/0x1d0\n[ 682.146738] ? __pfx_default_calc_sets+0x10/0x10\n[ 682.146742] virtnet_find_vqs+0x1f0/0x370\n[ 682.146747] virtnet_probe+0x501/0xcd0\n[ 682.146749] ? vp_modern_get_status+0x12/0x20\n[ 682.146751] ? get_cap_addr.isra.0+0x10/0xc0\n[ 682.146754] virtio_dev_probe+0x1af/0x260\n[ 682.146759] really_probe+0x1a5/0x410",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54008",
"url": "https://www.suse.com/security/cve/CVE-2023-54008"
},
{
"category": "external",
"summary": "SUSE Bug 1255630 for CVE-2023-54008",
"url": "https://bugzilla.suse.com/1255630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54008"
},
{
"cve": "CVE-2023-54014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()\n\nKlocwork reported warning of rport maybe NULL and will be dereferenced.\nrport returned by call to fc_bsg_to_rport() could be NULL and dereferenced.\n\nCheck valid rport returned by fc_bsg_to_rport().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54014",
"url": "https://www.suse.com/security/cve/CVE-2023-54014"
},
{
"category": "external",
"summary": "SUSE Bug 1256300 for CVE-2023-54014",
"url": "https://bugzilla.suse.com/1256300"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54014"
},
{
"cve": "CVE-2023-54016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix memory leak in rx_desc and tx_desc\n\nCurrently when ath12k_dp_cc_desc_init() is called we allocate\nmemory to rx_descs and tx_descs. In ath12k_dp_cc_cleanup(), during\ndescriptor cleanup rx_descs and tx_descs memory is not freed.\n\nThis is cause of memory leak. These allocated memory should be\nfreed in ath12k_dp_cc_cleanup.\n\nIn ath12k_dp_cc_desc_init(), we can save base address of rx_descs\nand tx_descs. In ath12k_dp_cc_cleanup(), we can free rx_descs and\ntx_descs memory using their base address.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54016",
"url": "https://www.suse.com/security/cve/CVE-2023-54016"
},
{
"category": "external",
"summary": "SUSE Bug 1256279 for CVE-2023-54016",
"url": "https://bugzilla.suse.com/1256279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54016"
},
{
"cve": "CVE-2023-54017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: fix possible memory leak in ibmebus_bus_init()\n\nIf device_register() returns error in ibmebus_bus_init(), name of kobject\nwhich is allocated in dev_set_name() called in device_add() is leaked.\n\nAs comment of device_add() says, it should call put_device() to drop\nthe reference count that was set in device_initialize() when it fails,\nso the name can be freed in kobject_cleanup().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54017",
"url": "https://www.suse.com/security/cve/CVE-2023-54017"
},
{
"category": "external",
"summary": "SUSE Bug 1255605 for CVE-2023-54017",
"url": "https://bugzilla.suse.com/1255605"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "low"
}
],
"title": "CVE-2023-54017"
},
{
"cve": "CVE-2023-54019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/psi: use kernfs polling functions for PSI trigger polling\n\nDestroying psi trigger in cgroup_file_release causes UAF issues when\na cgroup is removed from under a polling process. This is happening\nbecause cgroup removal causes a call to cgroup_file_release while the\nactual file is still alive. Destroying the trigger at this point would\nalso destroy its waitqueue head and if there is still a polling process\non that file accessing the waitqueue, it will step on the freed pointer:\n\ndo_select\n vfs_poll\n do_rmdir\n cgroup_rmdir\n kernfs_drain_open_files\n cgroup_file_release\n cgroup_pressure_release\n psi_trigger_destroy\n wake_up_pollfree(\u0026t-\u003eevent_wait)\n// vfs_poll is unblocked\n synchronize_rcu\n kfree(t)\n poll_freewait -\u003e UAF access to the trigger\u0027s waitqueue head\n\nPatch [1] fixed this issue for epoll() case using wake_up_pollfree(),\nhowever the same issue exists for synchronous poll() case.\nThe root cause of this issue is that the lifecycles of the psi trigger\u0027s\nwaitqueue and of the file associated with the trigger are different. Fix\nthis by using kernfs_generic_poll function when polling on cgroup-specific\npsi triggers. It internally uses kernfs_open_node-\u003epoll waitqueue head\nwith its lifecycle tied to the file\u0027s lifecycle. This also renders the\nfix in [1] obsolete, so revert it.\n\n[1] commit c2dbe32d5db5 (\"sched/psi: Fix use-after-free in ep_remove_wait_queue()\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54019",
"url": "https://www.suse.com/security/cve/CVE-2023-54019"
},
{
"category": "external",
"summary": "SUSE Bug 1255636 for CVE-2023-54019",
"url": "https://bugzilla.suse.com/1255636"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54019"
},
{
"cve": "CVE-2023-54022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54022"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix potential memory leaks at error path for UMP open\n\nThe allocation and initialization errors at alloc_midi_urbs() that is\ncalled at MIDI 2.0 / UMP device are supposed to be handled at the\ncaller side by invoking free_midi_urbs(). However, free_midi_urbs()\nloops only for ep-\u003enum_urbs entries, and since ep-\u003enum_entries wasn\u0027t\nupdated yet at the allocation / init error in alloc_midi_urbs(), this\nentry won\u0027t be released.\n\nThe intention of free_midi_urbs() is to release the whole elements, so\nchange the loop size to NUM_URBS to scan over all elements for fixing\nthe missed releases.\n\nAlso, the call of free_midi_urbs() is missing at\nsnd_usb_midi_v2_open(). Although it\u0027ll be released later at\nreopen/close or disconnection, it\u0027s better to release immediately at\nthe error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54022",
"url": "https://www.suse.com/security/cve/CVE-2023-54022"
},
{
"category": "external",
"summary": "SUSE Bug 1255545 for CVE-2023-54022",
"url": "https://bugzilla.suse.com/1255545"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54022"
},
{
"cve": "CVE-2023-54023",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54023"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between balance and cancel/pause\n\nSyzbot reported a panic that looks like this:\n\n assertion failed: fs_info-\u003eexclusive_operation == BTRFS_EXCLOP_BALANCE_PAUSED, in fs/btrfs/ioctl.c:465\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/messages.c:259!\n RIP: 0010:btrfs_assertfail+0x2c/0x30 fs/btrfs/messages.c:259\n Call Trace:\n \u003cTASK\u003e\n btrfs_exclop_balance fs/btrfs/ioctl.c:465 [inline]\n btrfs_ioctl_balance fs/btrfs/ioctl.c:3564 [inline]\n btrfs_ioctl+0x531e/0x5b30 fs/btrfs/ioctl.c:4632\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x197/0x210 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe reproducer is running a balance and a cancel or pause in parallel.\nThe way balance finishes is a bit wonky, if we were paused we need to\nsave the balance_ctl in the fs_info, but clear it otherwise and cleanup.\nHowever we rely on the return values being specific errors, or having a\ncancel request or no pause request. If balance completes and returns 0,\nbut we have a pause or cancel request we won\u0027t do the appropriate\ncleanup, and then the next time we try to start a balance we\u0027ll trip\nthis ASSERT.\n\nThe error handling is just wrong here, we always want to clean up,\nunless we got -ECANCELLED and we set the appropriate pause flag in the\nexclusive op. With this patch the reproducer ran for an hour without\ntripping, previously it would trip in less than a few minutes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54023",
"url": "https://www.suse.com/security/cve/CVE-2023-54023"
},
{
"category": "external",
"summary": "SUSE Bug 1256301 for CVE-2023-54023",
"url": "https://bugzilla.suse.com/1256301"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54023"
},
{
"cve": "CVE-2023-54025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54025"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rsi: Do not configure WoWlan in shutdown hook if not enabled\n\nIn case WoWlan was never configured during the operation of the system,\nthe hw-\u003ewiphy-\u003ewowlan_config will be NULL. rsi_config_wowlan() checks\nwhether wowlan_config is non-NULL and if it is not, then WARNs about it.\nThe warning is valid, as during normal operation the rsi_config_wowlan()\nshould only ever be called with non-NULL wowlan_config. In shutdown this\nrsi_config_wowlan() should only ever be called if WoWlan was configured\nbefore by the user.\n\nAdd checks for non-NULL wowlan_config into the shutdown hook. While at it,\ncheck whether the wiphy is also non-NULL before accessing wowlan_config .\nDrop the single-use wowlan_config variable, just inline it into function\ncall.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54025",
"url": "https://www.suse.com/security/cve/CVE-2023-54025"
},
{
"category": "external",
"summary": "SUSE Bug 1255558 for CVE-2023-54025",
"url": "https://bugzilla.suse.com/1255558"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54025"
},
{
"cve": "CVE-2023-54026",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54026"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopp: Fix use-after-free in lazy_opp_tables after probe deferral\n\nWhen dev_pm_opp_of_find_icc_paths() in _allocate_opp_table() returns\n-EPROBE_DEFER, the opp_table is freed again, to wait until all the\ninterconnect paths are available.\n\nHowever, if the OPP table is using required-opps then it may already\nhave been added to the global lazy_opp_tables list. The error path\ndoes not remove the opp_table from the list again.\n\nThis can cause crashes later when the provider of the required-opps\nis added, since we will iterate over OPP tables that have already been\nfreed. E.g.:\n\n Unable to handle kernel NULL pointer dereference when read\n CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 6.4.0-rc3\n PC is at _of_add_opp_table_v2 (include/linux/of.h:949\n drivers/opp/of.c:98 drivers/opp/of.c:344 drivers/opp/of.c:404\n drivers/opp/of.c:1032) -\u003e lazy_link_required_opp_table()\n\nFix this by calling _of_clear_opp_table() to remove the opp_table from\nthe list and clear other allocated resources. While at it, also add the\nmissing mutex_destroy() calls in the error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54026",
"url": "https://www.suse.com/security/cve/CVE-2023-54026"
},
{
"category": "external",
"summary": "SUSE Bug 1255549 for CVE-2023-54026",
"url": "https://bugzilla.suse.com/1255549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54026"
},
{
"cve": "CVE-2023-54027",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54027"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: core: Prevent invalid memory access when there is no parent\n\nCommit 813665564b3d (\"iio: core: Convert to use firmware node handle\ninstead of OF node\") switched the kind of nodes to use for label\nretrieval in device registration. Probably an unwanted change in that\ncommit was that if the device has no parent then NULL pointer is\naccessed. This is what happens in the stock IIO dummy driver when a\nnew entry is created in configfs:\n\n # mkdir /sys/kernel/config/iio/devices/dummy/foo\n BUG: kernel NULL pointer dereference, address: ...\n ...\n Call Trace:\n __iio_device_register\n iio_dummy_probe\n\nSince there seems to be no reason to make a parent device of an IIO\ndummy device mandatory, let\u0027s prevent the invalid memory access in\n__iio_device_register when the parent device is NULL. With this\nchange, the IIO dummy driver works fine with configfs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54027",
"url": "https://www.suse.com/security/cve/CVE-2023-54027"
},
{
"category": "external",
"summary": "SUSE Bug 1255579 for CVE-2023-54027",
"url": "https://bugzilla.suse.com/1255579"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54027"
},
{
"cve": "CVE-2023-54030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54030"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/net: don\u0027t overflow multishot recv\n\nDon\u0027t allow overflowing multishot recv CQEs, it might get out of\nhand, hurt performance, and in the worst case scenario OOM the task.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54030",
"url": "https://www.suse.com/security/cve/CVE-2023-54030"
},
{
"category": "external",
"summary": "SUSE Bug 1255691 for CVE-2023-54030",
"url": "https://bugzilla.suse.com/1255691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "low"
}
],
"title": "CVE-2023-54030"
},
{
"cve": "CVE-2023-54031",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54031"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: Add queue index attr to vdpa_nl_policy for nlattr length check\n\nThe vdpa_nl_policy structure is used to validate the nlattr when parsing\nthe incoming nlmsg. It will ensure the attribute being described produces\na valid nlattr pointer in info-\u003eattrs before entering into each handler\nin vdpa_nl_ops.\n\nThat is to say, the missing part in vdpa_nl_policy may lead to illegal\nnlattr after parsing, which could lead to OOB read just like CVE-2023-3773.\n\nThis patch adds the missing nla_policy for vdpa queue index attr to avoid\nsuch bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54031",
"url": "https://www.suse.com/security/cve/CVE-2023-54031"
},
{
"category": "external",
"summary": "SUSE Bug 1255583 for CVE-2023-54031",
"url": "https://bugzilla.suse.com/1255583"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54031"
},
{
"cve": "CVE-2023-54032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54032"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race when deleting quota root from the dirty cow roots list\n\nWhen disabling quotas we are deleting the quota root from the list\nfs_info-\u003edirty_cowonly_roots without taking the lock that protects it,\nwhich is struct btrfs_fs_info::trans_lock. This unsynchronized list\nmanipulation may cause chaos if there\u0027s another concurrent manipulation\nof this list, such as when adding a root to it with\nctree.c:add_root_to_dirty_list().\n\nThis can result in all sorts of weird failures caused by a race, such as\nthe following crash:\n\n [337571.278245] general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] PREEMPT SMP PTI\n [337571.278933] CPU: 1 PID: 115447 Comm: btrfs Tainted: G W 6.4.0-rc6-btrfs-next-134+ #1\n [337571.279153] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n [337571.279572] RIP: 0010:commit_cowonly_roots+0x11f/0x250 [btrfs]\n [337571.279928] Code: 85 38 06 00 (...)\n [337571.280363] RSP: 0018:ffff9f63446efba0 EFLAGS: 00010206\n [337571.280582] RAX: ffff942d98ec2638 RBX: ffff9430b82b4c30 RCX: 0000000449e1c000\n [337571.280798] RDX: dead000000000100 RSI: ffff9430021e4900 RDI: 0000000000036070\n [337571.281015] RBP: ffff942d98ec2000 R08: ffff942d98ec2000 R09: 000000000000015b\n [337571.281254] R10: 0000000000000009 R11: 0000000000000001 R12: ffff942fe8fbf600\n [337571.281476] R13: ffff942dabe23040 R14: ffff942dabe20800 R15: ffff942d92cf3b48\n [337571.281723] FS: 00007f478adb7340(0000) GS:ffff94349fa40000(0000) knlGS:0000000000000000\n [337571.281950] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [337571.282184] CR2: 00007f478ab9a3d5 CR3: 000000001e02c001 CR4: 0000000000370ee0\n [337571.282416] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [337571.282647] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n [337571.282874] Call Trace:\n [337571.283101] \u003cTASK\u003e\n [337571.283327] ? __die_body+0x1b/0x60\n [337571.283570] ? die_addr+0x39/0x60\n [337571.283796] ? exc_general_protection+0x22e/0x430\n [337571.284022] ? asm_exc_general_protection+0x22/0x30\n [337571.284251] ? commit_cowonly_roots+0x11f/0x250 [btrfs]\n [337571.284531] btrfs_commit_transaction+0x42e/0xf90 [btrfs]\n [337571.284803] ? _raw_spin_unlock+0x15/0x30\n [337571.285031] ? release_extent_buffer+0x103/0x130 [btrfs]\n [337571.285305] reset_balance_state+0x152/0x1b0 [btrfs]\n [337571.285578] btrfs_balance+0xa50/0x11e0 [btrfs]\n [337571.285864] ? __kmem_cache_alloc_node+0x14a/0x410\n [337571.286086] btrfs_ioctl+0x249a/0x3320 [btrfs]\n [337571.286358] ? mod_objcg_state+0xd2/0x360\n [337571.286577] ? refill_obj_stock+0xb0/0x160\n [337571.286798] ? seq_release+0x25/0x30\n [337571.287016] ? __rseq_handle_notify_resume+0x3ba/0x4b0\n [337571.287235] ? percpu_counter_add_batch+0x2e/0xa0\n [337571.287455] ? __x64_sys_ioctl+0x88/0xc0\n [337571.287675] __x64_sys_ioctl+0x88/0xc0\n [337571.287901] do_syscall_64+0x38/0x90\n [337571.288126] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n [337571.288352] RIP: 0033:0x7f478aaffe9b\n\nSo fix this by locking struct btrfs_fs_info::trans_lock before deleting\nthe quota root from that list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54032",
"url": "https://www.suse.com/security/cve/CVE-2023-54032"
},
{
"category": "external",
"summary": "SUSE Bug 1255617 for CVE-2023-54032",
"url": "https://bugzilla.suse.com/1255617"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54032"
},
{
"cve": "CVE-2023-54035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix underflow in chain reference counter\n\nSet element addition error path decrements reference counter on chains\ntwice: once on element release and again via nft_data_release().\n\nThen, d6b478666ffa (\"netfilter: nf_tables: fix underflow in object\nreference counter\") incorrectly fixed this by removing the stateful\nobject reference count decrement.\n\nRestore the stateful object decrement as in b91d90368837 (\"netfilter:\nnf_tables: fix leaking object reference count\") and let\nnft_data_release() decrement the chain reference counter, so this is\ndone only once.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54035",
"url": "https://www.suse.com/security/cve/CVE-2023-54035"
},
{
"category": "external",
"summary": "SUSE Bug 1255563 for CVE-2023-54035",
"url": "https://bugzilla.suse.com/1255563"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54035"
},
{
"cve": "CVE-2023-54037",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54037"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: prevent NULL pointer deref during reload\n\nCalling ethtool during reload can lead to call trace, because VSI isn\u0027t\nconfigured for some time, but netdev is alive.\n\nTo fix it add rtnl lock for VSI deconfig and config. Set ::num_q_vectors\nto 0 after freeing and add a check for ::tx/rx_rings in ring related\nethtool ops.\n\nAdd proper unroll of filters in ice_start_eth().\n\nReproduction:\n$watch -n 0.1 -d \u0027ethtool -g enp24s0f0np0\u0027\n$devlink dev reload pci/0000:18:00.0 action driver_reinit\n\nCall trace before fix:\n[66303.926205] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[66303.926259] #PF: supervisor read access in kernel mode\n[66303.926286] #PF: error_code(0x0000) - not-present page\n[66303.926311] PGD 0 P4D 0\n[66303.926332] Oops: 0000 [#1] PREEMPT SMP PTI\n[66303.926358] CPU: 4 PID: 933821 Comm: ethtool Kdump: loaded Tainted: G OE 6.4.0-rc5+ #1\n[66303.926400] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.00.01.0014.070920180847 07/09/2018\n[66303.926446] RIP: 0010:ice_get_ringparam+0x22/0x50 [ice]\n[66303.926649] Code: 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 48 8b 87 c0 09 00 00 c7 46 04 e0 1f 00 00 c7 46 10 e0 1f 00 00 48 8b 50 20 \u003c48\u003e 8b 12 0f b7 52 3a 89 56 14 48 8b 40 28 48 8b 00 0f b7 40 58 48\n[66303.926722] RSP: 0018:ffffad40472f39c8 EFLAGS: 00010246\n[66303.926749] RAX: ffff98a8ada05828 RBX: ffff98a8c46dd060 RCX: ffffad40472f3b48\n[66303.926781] RDX: 0000000000000000 RSI: ffff98a8c46dd068 RDI: ffff98a8b23c4000\n[66303.926811] RBP: ffffad40472f3b48 R08: 00000000000337b0 R09: 0000000000000000\n[66303.926843] R10: 0000000000000001 R11: 0000000000000100 R12: ffff98a8b23c4000\n[66303.926874] R13: ffff98a8c46dd060 R14: 000000000000000f R15: ffffad40472f3a50\n[66303.926906] FS: 00007f6397966740(0000) GS:ffff98b390900000(0000) knlGS:0000000000000000\n[66303.926941] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[66303.926967] CR2: 0000000000000000 CR3: 000000011ac20002 CR4: 00000000007706e0\n[66303.926999] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[66303.927029] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[66303.927060] PKRU: 55555554\n[66303.927075] Call Trace:\n[66303.927094] \u003cTASK\u003e\n[66303.927111] ? __die+0x23/0x70\n[66303.927140] ? page_fault_oops+0x171/0x4e0\n[66303.927176] ? exc_page_fault+0x7f/0x180\n[66303.927209] ? asm_exc_page_fault+0x26/0x30\n[66303.927244] ? ice_get_ringparam+0x22/0x50 [ice]\n[66303.927433] rings_prepare_data+0x62/0x80\n[66303.927469] ethnl_default_doit+0xe2/0x350\n[66303.927501] genl_family_rcv_msg_doit.isra.0+0xe3/0x140\n[66303.927538] genl_rcv_msg+0x1b1/0x2c0\n[66303.927561] ? __pfx_ethnl_default_doit+0x10/0x10\n[66303.927590] ? __pfx_genl_rcv_msg+0x10/0x10\n[66303.927615] netlink_rcv_skb+0x58/0x110\n[66303.927644] genl_rcv+0x28/0x40\n[66303.927665] netlink_unicast+0x19e/0x290\n[66303.927691] netlink_sendmsg+0x254/0x4d0\n[66303.927717] sock_sendmsg+0x93/0xa0\n[66303.927743] __sys_sendto+0x126/0x170\n[66303.927780] __x64_sys_sendto+0x24/0x30\n[66303.928593] do_syscall_64+0x5d/0x90\n[66303.929370] ? __count_memcg_events+0x60/0xa0\n[66303.930146] ? count_memcg_events.constprop.0+0x1a/0x30\n[66303.930920] ? handle_mm_fault+0x9e/0x350\n[66303.931688] ? do_user_addr_fault+0x258/0x740\n[66303.932452] ? exc_page_fault+0x7f/0x180\n[66303.933193] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54037",
"url": "https://www.suse.com/security/cve/CVE-2023-54037"
},
{
"category": "external",
"summary": "SUSE Bug 1255557 for CVE-2023-54037",
"url": "https://bugzilla.suse.com/1255557"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54037"
},
{
"cve": "CVE-2023-54038",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54038"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link\n\nhci_connect_sco currently returns NULL when there is no link (i.e. when\nhci_conn_link() returns NULL).\n\nsco_connect() expects an ERR_PTR in case of any error (see line 266 in\nsco.c). Thus, hcon set as NULL passes through to sco_conn_add(), which\ntries to get hcon-\u003ehdev, resulting in dereferencing a NULL pointer as\nreported by syzkaller.\n\nThe same issue exists for iso_connect_cis() calling hci_connect_cis().\n\nThus, make hci_connect_sco() and hci_connect_cis() return ERR_PTR\ninstead of NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54038",
"url": "https://www.suse.com/security/cve/CVE-2023-54038"
},
{
"category": "external",
"summary": "SUSE Bug 1255540 for CVE-2023-54038",
"url": "https://bugzilla.suse.com/1255540"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54038"
},
{
"cve": "CVE-2023-54042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54042"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/64s: Fix VAS mm use after free\n\nThe refcount on mm is dropped before the coprocessor is detached.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54042",
"url": "https://www.suse.com/security/cve/CVE-2023-54042"
},
{
"category": "external",
"summary": "SUSE Bug 1255702 for CVE-2023-54042",
"url": "https://bugzilla.suse.com/1255702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "important"
}
],
"title": "CVE-2023-54042"
},
{
"cve": "CVE-2023-54045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54045"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naudit: fix possible soft lockup in __audit_inode_child()\n\nTracefs or debugfs maybe cause hundreds to thousands of PATH records,\ntoo many PATH records maybe cause soft lockup.\n\nFor example:\n 1. CONFIG_KASAN=y \u0026\u0026 CONFIG_PREEMPTION=n\n 2. auditctl -a exit,always -S open -k key\n 3. sysctl -w kernel.watchdog_thresh=5\n 4. mkdir /sys/kernel/debug/tracing/instances/test\n\nThere may be a soft lockup as follows:\n watchdog: BUG: soft lockup - CPU#45 stuck for 7s! [mkdir:15498]\n Kernel panic - not syncing: softlockup: hung tasks\n Call trace:\n dump_backtrace+0x0/0x30c\n show_stack+0x20/0x30\n dump_stack+0x11c/0x174\n panic+0x27c/0x494\n watchdog_timer_fn+0x2bc/0x390\n __run_hrtimer+0x148/0x4fc\n __hrtimer_run_queues+0x154/0x210\n hrtimer_interrupt+0x2c4/0x760\n arch_timer_handler_phys+0x48/0x60\n handle_percpu_devid_irq+0xe0/0x340\n __handle_domain_irq+0xbc/0x130\n gic_handle_irq+0x78/0x460\n el1_irq+0xb8/0x140\n __audit_inode_child+0x240/0x7bc\n tracefs_create_file+0x1b8/0x2a0\n trace_create_file+0x18/0x50\n event_create_dir+0x204/0x30c\n __trace_add_new_event+0xac/0x100\n event_trace_add_tracer+0xa0/0x130\n trace_array_create_dir+0x60/0x140\n trace_array_create+0x1e0/0x370\n instance_mkdir+0x90/0xd0\n tracefs_syscall_mkdir+0x68/0xa0\n vfs_mkdir+0x21c/0x34c\n do_mkdirat+0x1b4/0x1d4\n __arm64_sys_mkdirat+0x4c/0x60\n el0_svc_common.constprop.0+0xa8/0x240\n do_el0_svc+0x8c/0xc0\n el0_svc+0x20/0x30\n el0_sync_handler+0xb0/0xb4\n el0_sync+0x160/0x180\n\nTherefore, we add cond_resched() to __audit_inode_child() to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54045",
"url": "https://www.suse.com/security/cve/CVE-2023-54045"
},
{
"category": "external",
"summary": "SUSE Bug 1256285 for CVE-2023-54045",
"url": "https://bugzilla.suse.com/1256285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54045"
},
{
"cve": "CVE-2023-54048",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54048"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Prevent handling any completions after qp destroy\n\nHW may generate completions that indicates QP is destroyed.\nDriver should not be scheduling any more completion handlers\nfor this QP, after the QP is destroyed. Since CQs are active\nduring the QP destroy, driver may still schedule completion\nhandlers. This can cause a race where the destroy_cq and poll_cq\nrunning simultaneously.\n\nSnippet of kernel panic while doing bnxt_re driver load unload in loop.\nThis indicates a poll after the CQ is freed. \n\n[77786.481636] Call Trace:\n[77786.481640] \u003cTASK\u003e\n[77786.481644] bnxt_re_poll_cq+0x14a/0x620 [bnxt_re]\n[77786.481658] ? kvm_clock_read+0x14/0x30\n[77786.481693] __ib_process_cq+0x57/0x190 [ib_core]\n[77786.481728] ib_cq_poll_work+0x26/0x80 [ib_core]\n[77786.481761] process_one_work+0x1e5/0x3f0\n[77786.481768] worker_thread+0x50/0x3a0\n[77786.481785] ? __pfx_worker_thread+0x10/0x10\n[77786.481790] kthread+0xe2/0x110\n[77786.481794] ? __pfx_kthread+0x10/0x10\n[77786.481797] ret_from_fork+0x2c/0x50\n\nTo avoid this, complete all completion handlers before returning the\ndestroy QP. If free_cq is called soon after destroy_qp, IB stack\nwill cancel the CQ work before invoking the destroy_cq verb and\nthis will prevent any race mentioned.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54048",
"url": "https://www.suse.com/security/cve/CVE-2023-54048"
},
{
"category": "external",
"summary": "SUSE Bug 1256395 for CVE-2023-54048",
"url": "https://bugzilla.suse.com/1256395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54048"
},
{
"cve": "CVE-2023-54049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpmsg: glink: Add check for kstrdup\n\nAdd check for the return value of kstrdup() and return the error\nif it fails in order to avoid NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54049",
"url": "https://www.suse.com/security/cve/CVE-2023-54049"
},
{
"category": "external",
"summary": "SUSE Bug 1256396 for CVE-2023-54049",
"url": "https://bugzilla.suse.com/1256396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54049"
},
{
"cve": "CVE-2023-54051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not allow gso_size to be set to GSO_BY_FRAGS\n\nOne missing check in virtio_net_hdr_to_skb() allowed\nsyzbot to crash kernels again [1]\n\nDo not allow gso_size to be set to GSO_BY_FRAGS (0xffff),\nbecause this magic value is used by the kernel.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 0 PID: 5039 Comm: syz-executor401 Not tainted 6.5.0-rc5-next-20230809-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\nRIP: 0010:skb_segment+0x1a52/0x3ef0 net/core/skbuff.c:4500\nCode: 00 00 00 e9 ab eb ff ff e8 6b 96 5d f9 48 8b 84 24 00 01 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 08 3c 03 0f 8e ea 21 00 00 48 8b 84 24 00 01\nRSP: 0018:ffffc90003d3f1c8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 000000000001fffe RCX: 0000000000000000\nRDX: 000000000000000e RSI: ffffffff882a3115 RDI: 0000000000000070\nRBP: ffffc90003d3f378 R08: 0000000000000005 R09: 000000000000ffff\nR10: 000000000000ffff R11: 5ee4a93e456187d6 R12: 000000000001ffc6\nR13: dffffc0000000000 R14: 0000000000000008 R15: 000000000000ffff\nFS: 00005555563f2380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020020000 CR3: 000000001626d000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\nudp6_ufo_fragment+0x9d2/0xd50 net/ipv6/udp_offload.c:109\nipv6_gso_segment+0x5c4/0x17b0 net/ipv6/ip6_offload.c:120\nskb_mac_gso_segment+0x292/0x610 net/core/gso.c:53\n__skb_gso_segment+0x339/0x710 net/core/gso.c:124\nskb_gso_segment include/net/gso.h:83 [inline]\nvalidate_xmit_skb+0x3a5/0xf10 net/core/dev.c:3625\n__dev_queue_xmit+0x8f0/0x3d60 net/core/dev.c:4329\ndev_queue_xmit include/linux/netdevice.h:3082 [inline]\npacket_xmit+0x257/0x380 net/packet/af_packet.c:276\npacket_snd net/packet/af_packet.c:3087 [inline]\npacket_sendmsg+0x24c7/0x5570 net/packet/af_packet.c:3119\nsock_sendmsg_nosec net/socket.c:727 [inline]\nsock_sendmsg+0xd9/0x180 net/socket.c:750\n____sys_sendmsg+0x6ac/0x940 net/socket.c:2496\n___sys_sendmsg+0x135/0x1d0 net/socket.c:2550\n__sys_sendmsg+0x117/0x1e0 net/socket.c:2579\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7ff27cdb34d9",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54051",
"url": "https://www.suse.com/security/cve/CVE-2023-54051"
},
{
"category": "external",
"summary": "SUSE Bug 1256394 for CVE-2023-54051",
"url": "https://bugzilla.suse.com/1256394"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54051"
},
{
"cve": "CVE-2023-54052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix skb leak by txs missing in AMSDU\n\ntxs may be dropped if the frame is aggregated in AMSDU. When the problem\nshows up, some SKBs would be hold in driver to cause network stopped\ntemporarily. Even if the problem can be recovered by txs timeout handling,\nmt7921 still need to disable txs in AMSDU to avoid this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54052",
"url": "https://www.suse.com/security/cve/CVE-2023-54052"
},
{
"category": "external",
"summary": "SUSE Bug 1256387 for CVE-2023-54052",
"url": "https://bugzilla.suse.com/1256387"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54052"
},
{
"cve": "CVE-2023-54060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Set end correctly when doing batch carry\n\nEven though the test suite covers this it somehow became obscured that\nthis wasn\u0027t working.\n\nThe test iommufd_ioas.mock_domain.access_domain_destory would blow up\nrarely.\n\nend should be set to 1 because this just pushed an item, the carry, to the\npfns list.\n\nSometimes the test would blow up with:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP\n CPU: 5 PID: 584 Comm: iommufd Not tainted 6.5.0-rc1-dirty #1236\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:batch_unpin+0xa2/0x100 [iommufd]\n Code: 17 48 81 fe ff ff 07 00 77 70 48 8b 15 b7 be 97 e2 48 85 d2 74 14 48 8b 14 fa 48 85 d2 74 0b 40 0f b6 f6 48 c1 e6 04 48 01 f2 \u003c48\u003e 8b 3a 48 c1 e0 06 89 ca 48 89 de 48 83 e7 f0 48 01 c7 e8 96 dc\n RSP: 0018:ffffc90001677a58 EFLAGS: 00010246\n RAX: 00007f7e2646f000 RBX: 0000000000000000 RCX: 0000000000000001\n RDX: 0000000000000000 RSI: 00000000fefc4c8d RDI: 0000000000fefc4c\n RBP: ffffc90001677a80 R08: 0000000000000048 R09: 0000000000000200\n R10: 0000000000030b98 R11: ffffffff81f3bb40 R12: 0000000000000001\n R13: ffff888101f75800 R14: ffffc90001677ad0 R15: 00000000000001fe\n FS: 00007f9323679740(0000) GS:ffff8881ba540000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000000105ede003 CR4: 00000000003706a0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x5c/0x70\n ? __die+0x1f/0x60\n ? page_fault_oops+0x15d/0x440\n ? lock_release+0xbc/0x240\n ? exc_page_fault+0x4a4/0x970\n ? asm_exc_page_fault+0x27/0x30\n ? batch_unpin+0xa2/0x100 [iommufd]\n ? batch_unpin+0xba/0x100 [iommufd]\n __iopt_area_unfill_domain+0x198/0x430 [iommufd]\n ? __mutex_lock+0x8c/0xb80\n ? __mutex_lock+0x6aa/0xb80\n ? xa_erase+0x28/0x30\n ? iopt_table_remove_domain+0x162/0x320 [iommufd]\n ? lock_release+0xbc/0x240\n iopt_area_unfill_domain+0xd/0x10 [iommufd]\n iopt_table_remove_domain+0x195/0x320 [iommufd]\n iommufd_hw_pagetable_destroy+0xb3/0x110 [iommufd]\n iommufd_object_destroy_user+0x8e/0xf0 [iommufd]\n iommufd_device_detach+0xc5/0x140 [iommufd]\n iommufd_selftest_destroy+0x1f/0x70 [iommufd]\n iommufd_object_destroy_user+0x8e/0xf0 [iommufd]\n iommufd_destroy+0x3a/0x50 [iommufd]\n iommufd_fops_ioctl+0xfb/0x170 [iommufd]\n __x64_sys_ioctl+0x40d/0x9a0\n do_syscall_64+0x3c/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54060",
"url": "https://www.suse.com/security/cve/CVE-2023-54060"
},
{
"category": "external",
"summary": "SUSE Bug 1256379 for CVE-2023-54060",
"url": "https://bugzilla.suse.com/1256379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54060"
},
{
"cve": "CVE-2023-54064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi:ssif: Fix a memory leak when scanning for an adapter\n\nThe adapter scan ssif_info_find() sets info-\u003eadapter_name if the adapter\ninfo came from SMBIOS, as it\u0027s not set in that case. However, this\nfunction can be called more than once, and it will leak the adapter name\nif it had already been set. So check for NULL before setting it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54064",
"url": "https://www.suse.com/security/cve/CVE-2023-54064"
},
{
"category": "external",
"summary": "SUSE Bug 1256375 for CVE-2023-54064",
"url": "https://bugzilla.suse.com/1256375"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54064"
},
{
"cve": "CVE-2023-54066",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54066"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861_i2c_master_xfer\n\nIn gl861_i2c_master_xfer, msg is controlled by user. When msg[i].buf\nis null and msg[i].len is zero, former checks on msg[i].buf would be\npassed. Malicious data finally reach gl861_i2c_master_xfer. If accessing\nmsg[i].buf[0] without sanity check, null ptr deref would happen.\nWe add check on msg[i].len to prevent crash.\n\nSimilar commit:\ncommit 0ed554fd769a\n(\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54066",
"url": "https://www.suse.com/security/cve/CVE-2023-54066"
},
{
"category": "external",
"summary": "SUSE Bug 1256373 for CVE-2023-54066",
"url": "https://bugzilla.suse.com/1256373"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54066"
},
{
"cve": "CVE-2023-54067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54067"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race when deleting free space root from the dirty cow roots list\n\nWhen deleting the free space tree we are deleting the free space root\nfrom the list fs_info-\u003edirty_cowonly_roots without taking the lock that\nprotects it, which is struct btrfs_fs_info::trans_lock.\nThis unsynchronized list manipulation may cause chaos if there\u0027s another\nconcurrent manipulation of this list, such as when adding a root to it\nwith ctree.c:add_root_to_dirty_list().\n\nThis can result in all sorts of weird failures caused by a race, such as\nthe following crash:\n\n [337571.278245] general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] PREEMPT SMP PTI\n [337571.278933] CPU: 1 PID: 115447 Comm: btrfs Tainted: G W 6.4.0-rc6-btrfs-next-134+ #1\n [337571.279153] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n [337571.279572] RIP: 0010:commit_cowonly_roots+0x11f/0x250 [btrfs]\n [337571.279928] Code: 85 38 06 00 (...)\n [337571.280363] RSP: 0018:ffff9f63446efba0 EFLAGS: 00010206\n [337571.280582] RAX: ffff942d98ec2638 RBX: ffff9430b82b4c30 RCX: 0000000449e1c000\n [337571.280798] RDX: dead000000000100 RSI: ffff9430021e4900 RDI: 0000000000036070\n [337571.281015] RBP: ffff942d98ec2000 R08: ffff942d98ec2000 R09: 000000000000015b\n [337571.281254] R10: 0000000000000009 R11: 0000000000000001 R12: ffff942fe8fbf600\n [337571.281476] R13: ffff942dabe23040 R14: ffff942dabe20800 R15: ffff942d92cf3b48\n [337571.281723] FS: 00007f478adb7340(0000) GS:ffff94349fa40000(0000) knlGS:0000000000000000\n [337571.281950] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [337571.282184] CR2: 00007f478ab9a3d5 CR3: 000000001e02c001 CR4: 0000000000370ee0\n [337571.282416] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [337571.282647] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n [337571.282874] Call Trace:\n [337571.283101] \u003cTASK\u003e\n [337571.283327] ? __die_body+0x1b/0x60\n [337571.283570] ? die_addr+0x39/0x60\n [337571.283796] ? exc_general_protection+0x22e/0x430\n [337571.284022] ? asm_exc_general_protection+0x22/0x30\n [337571.284251] ? commit_cowonly_roots+0x11f/0x250 [btrfs]\n [337571.284531] btrfs_commit_transaction+0x42e/0xf90 [btrfs]\n [337571.284803] ? _raw_spin_unlock+0x15/0x30\n [337571.285031] ? release_extent_buffer+0x103/0x130 [btrfs]\n [337571.285305] reset_balance_state+0x152/0x1b0 [btrfs]\n [337571.285578] btrfs_balance+0xa50/0x11e0 [btrfs]\n [337571.285864] ? __kmem_cache_alloc_node+0x14a/0x410\n [337571.286086] btrfs_ioctl+0x249a/0x3320 [btrfs]\n [337571.286358] ? mod_objcg_state+0xd2/0x360\n [337571.286577] ? refill_obj_stock+0xb0/0x160\n [337571.286798] ? seq_release+0x25/0x30\n [337571.287016] ? __rseq_handle_notify_resume+0x3ba/0x4b0\n [337571.287235] ? percpu_counter_add_batch+0x2e/0xa0\n [337571.287455] ? __x64_sys_ioctl+0x88/0xc0\n [337571.287675] __x64_sys_ioctl+0x88/0xc0\n [337571.287901] do_syscall_64+0x38/0x90\n [337571.288126] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n [337571.288352] RIP: 0033:0x7f478aaffe9b\n\nSo fix this by locking struct btrfs_fs_info::trans_lock before deleting\nthe free space root from that list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54067",
"url": "https://www.suse.com/security/cve/CVE-2023-54067"
},
{
"category": "external",
"summary": "SUSE Bug 1256369 for CVE-2023-54067",
"url": "https://bugzilla.suse.com/1256369"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54067"
},
{
"cve": "CVE-2023-54069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix BUG in ext4_mb_new_inode_pa() due to overflow\n\nWhen we calculate the end position of ext4_free_extent, this position may\nbe exactly where ext4_lblk_t (i.e. uint) overflows. For example, if\nac_g_ex.fe_logical is 4294965248 and ac_orig_goal_len is 2048, then the\ncomputed end is 0x100000000, which is 0. If ac-\u003eac_o_ex.fe_logical is not\nthe first case of adjusting the best extent, that is, new_bex_end \u003e 0, the\nfollowing BUG_ON will be triggered:\n\n=========================================================\nkernel BUG at fs/ext4/mballoc.c:5116!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nCPU: 3 PID: 673 Comm: xfs_io Tainted: G E 6.5.0-rc1+ #279\nRIP: 0010:ext4_mb_new_inode_pa+0xc5/0x430\nCall Trace:\n \u003cTASK\u003e\n ext4_mb_use_best_found+0x203/0x2f0\n ext4_mb_try_best_found+0x163/0x240\n ext4_mb_regular_allocator+0x158/0x1550\n ext4_mb_new_blocks+0x86a/0xe10\n ext4_ext_map_blocks+0xb0c/0x13a0\n ext4_map_blocks+0x2cd/0x8f0\n ext4_iomap_begin+0x27b/0x400\n iomap_iter+0x222/0x3d0\n __iomap_dio_rw+0x243/0xcb0\n iomap_dio_rw+0x16/0x80\n=========================================================\n\nA simple reproducer demonstrating the problem:\n\n\tmkfs.ext4 -F /dev/sda -b 4096 100M\n\tmount /dev/sda /tmp/test\n\tfallocate -l1M /tmp/test/tmp\n\tfallocate -l10M /tmp/test/file\n\tfallocate -i -o 1M -l16777203M /tmp/test/file\n\tfsstress -d /tmp/test -l 0 -n 100000 -p 8 \u0026\n\tsleep 10 \u0026\u0026 killall -9 fsstress\n\trm -f /tmp/test/tmp\n\txfs_io -c \"open -ad /tmp/test/file\" -c \"pwrite -S 0xff 0 8192\"\n\nWe simply refactor the logic for adjusting the best extent by adding\na temporary ext4_free_extent ex and use extent_logical_end() to avoid\noverflow, which also simplifies the code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54069",
"url": "https://www.suse.com/security/cve/CVE-2023-54069"
},
{
"category": "external",
"summary": "SUSE Bug 1256371 for CVE-2023-54069",
"url": "https://bugzilla.suse.com/1256371"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54069"
},
{
"cve": "CVE-2023-54070",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54070"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: clean up in all error paths when enabling SR-IOV\n\nAfter commit 50f303496d92 (\"igb: Enable SR-IOV after reinit\"), removing\nthe igb module could hang or crash (depending on the machine) when the\nmodule has been loaded with the max_vfs parameter set to some value != 0.\n\nIn case of one test machine with a dual port 82580, this hang occurred:\n\n[ 232.480687] igb 0000:41:00.1: removed PHC on enp65s0f1\n[ 233.093257] igb 0000:41:00.1: IOV Disabled\n[ 233.329969] pcieport 0000:40:01.0: AER: Multiple Uncorrected (Non-Fatal) err0\n[ 233.340302] igb 0000:41:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fata)\n[ 233.352248] igb 0000:41:00.0: device [8086:1516] error status/mask=00100000\n[ 233.361088] igb 0000:41:00.0: [20] UnsupReq (First)\n[ 233.368183] igb 0000:41:00.0: AER: TLP Header: 40000001 0000040f cdbfc00c c\n[ 233.376846] igb 0000:41:00.1: PCIe Bus Error: severity=Uncorrected (Non-Fata)\n[ 233.388779] igb 0000:41:00.1: device [8086:1516] error status/mask=00100000\n[ 233.397629] igb 0000:41:00.1: [20] UnsupReq (First)\n[ 233.404736] igb 0000:41:00.1: AER: TLP Header: 40000001 0000040f cdbfc00c c\n[ 233.538214] pci 0000:41:00.1: AER: can\u0027t recover (no error_detected callback)\n[ 233.538401] igb 0000:41:00.0: removed PHC on enp65s0f0\n[ 233.546197] pcieport 0000:40:01.0: AER: device recovery failed\n[ 234.157244] igb 0000:41:00.0: IOV Disabled\n[ 371.619705] INFO: task irq/35-aerdrv:257 blocked for more than 122 seconds.\n[ 371.627489] Not tainted 6.4.0-dirty #2\n[ 371.632257] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this.\n[ 371.641000] task:irq/35-aerdrv state:D stack:0 pid:257 ppid:2 f0\n[ 371.650330] Call Trace:\n[ 371.653061] \u003cTASK\u003e\n[ 371.655407] __schedule+0x20e/0x660\n[ 371.659313] schedule+0x5a/0xd0\n[ 371.662824] schedule_preempt_disabled+0x11/0x20\n[ 371.667983] __mutex_lock.constprop.0+0x372/0x6c0\n[ 371.673237] ? __pfx_aer_root_reset+0x10/0x10\n[ 371.678105] report_error_detected+0x25/0x1c0\n[ 371.682974] ? __pfx_report_normal_detected+0x10/0x10\n[ 371.688618] pci_walk_bus+0x72/0x90\n[ 371.692519] pcie_do_recovery+0xb2/0x330\n[ 371.696899] aer_process_err_devices+0x117/0x170\n[ 371.702055] aer_isr+0x1c0/0x1e0\n[ 371.705661] ? __set_cpus_allowed_ptr+0x54/0xa0\n[ 371.710723] ? __pfx_irq_thread_fn+0x10/0x10\n[ 371.715496] irq_thread_fn+0x20/0x60\n[ 371.719491] irq_thread+0xe6/0x1b0\n[ 371.723291] ? __pfx_irq_thread_dtor+0x10/0x10\n[ 371.728255] ? __pfx_irq_thread+0x10/0x10\n[ 371.732731] kthread+0xe2/0x110\n[ 371.736243] ? __pfx_kthread+0x10/0x10\n[ 371.740430] ret_from_fork+0x2c/0x50\n[ 371.744428] \u003c/TASK\u003e\n\nThe reproducer was a simple script:\n\n #!/bin/sh\n for i in `seq 1 5`; do\n modprobe -rv igb\n modprobe -v igb max_vfs=1\n sleep 1\n modprobe -rv igb\n done\n\nIt turned out that this could only be reproduce on 82580 (quad and\ndual-port), but not on 82576, i350 and i210. Further debugging showed\nthat igb_enable_sriov()\u0027s call to pci_enable_sriov() is failing, because\ndev-\u003eis_physfn is 0 on 82580.\n\nPrior to commit 50f303496d92 (\"igb: Enable SR-IOV after reinit\"),\nigb_enable_sriov() jumped into the \"err_out\" cleanup branch. After this\ncommit it only returned the error code.\n\nSo the cleanup didn\u0027t take place, and the incorrect VF setup in the\nigb_adapter structure fooled the igb driver into assuming that VFs have\nbeen set up where no VF actually existed.\n\nFix this problem by cleaning up again if pci_enable_sriov() fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54070",
"url": "https://www.suse.com/security/cve/CVE-2023-54070"
},
{
"category": "external",
"summary": "SUSE Bug 1256364 for CVE-2023-54070",
"url": "https://bugzilla.suse.com/1256364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54070"
},
{
"cve": "CVE-2023-54072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix potential data race at PCM memory allocation helpers\n\nThe PCM memory allocation helpers have a sanity check against too many\nbuffer allocations. However, the check is performed without a proper\nlock and the allocation isn\u0027t serialized; this allows user to allocate\nmore memories than predefined max size.\n\nPractically seen, this isn\u0027t really a big problem, as it\u0027s more or\nless some \"soft limit\" as a sanity check, and it\u0027s not possible to\nallocate unlimitedly. But it\u0027s still better to address this for more\nconsistent behavior.\n\nThe patch covers the size check in do_alloc_pages() with the\ncard-\u003ememory_mutex, and increases the allocated size there for\npreventing the further overflow. When the actual allocation fails,\nthe size is decreased accordingly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54072",
"url": "https://www.suse.com/security/cve/CVE-2023-54072"
},
{
"category": "external",
"summary": "SUSE Bug 1256291 for CVE-2023-54072",
"url": "https://bugzilla.suse.com/1256291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54072"
},
{
"cve": "CVE-2023-54076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix missed ses refcounting\n\nUse new cifs_smb_ses_inc_refcount() helper to get an active reference\nof @ses and @ses-\u003edfs_root_ses (if set). This will prevent\n@ses-\u003edfs_root_ses of being put in the next call to cifs_put_smb_ses()\nand thus potentially causing an use-after-free bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54076",
"url": "https://www.suse.com/security/cve/CVE-2023-54076"
},
{
"category": "external",
"summary": "SUSE Bug 1256335 for CVE-2023-54076",
"url": "https://bugzilla.suse.com/1256335"
},
{
"category": "external",
"summary": "SUSE Bug 1256450 for CVE-2023-54076",
"url": "https://bugzilla.suse.com/1256450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "important"
}
],
"title": "CVE-2023-54076"
},
{
"cve": "CVE-2023-54080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: skip splitting and logical rewriting on pre-alloc write\n\nWhen doing a relocation, there is a chance that at the time of\nbtrfs_reloc_clone_csums(), there is no checksum for the corresponding\nregion.\n\nIn this case, btrfs_finish_ordered_zoned()\u0027s sum points to an invalid item\nand so ordered_extent\u0027s logical is set to some invalid value. Then,\nbtrfs_lookup_block_group() in btrfs_zone_finish_endio() failed to find a\nblock group and will hit an assert or a null pointer dereference as\nfollowing.\n\nThis can be reprodcued by running btrfs/028 several times (e.g, 4 to 16\ntimes) with a null_blk setup. The device\u0027s zone size and capacity is set to\n32 MB and the storage size is set to 5 GB on my setup.\n\n KASAN: null-ptr-deref in range [0x0000000000000088-0x000000000000008f]\n CPU: 6 PID: 3105720 Comm: kworker/u16:13 Tainted: G W 6.5.0-rc6-kts+ #1\n Hardware name: Supermicro Super Server/X10SRL-F, BIOS 2.0 12/17/2015\n Workqueue: btrfs-endio-write btrfs_work_helper [btrfs]\n RIP: 0010:btrfs_zone_finish_endio.part.0+0x34/0x160 [btrfs]\n Code: 41 54 49 89 fc 55 48 89 f5 53 e8 57 7d fc ff 48 8d b8 88 00 00 00 48 89 c3 48 b8 00 00 00 00 00\n \u003e 3c 02 00 0f 85 02 01 00 00 f6 83 88 00 00 00 01 0f 84 a8 00 00\n RSP: 0018:ffff88833cf87b08 EFLAGS: 00010206\n RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000\n RDX: 0000000000000011 RSI: 0000000000000004 RDI: 0000000000000088\n RBP: 0000000000000002 R08: 0000000000000001 R09: ffffed102877b827\n R10: ffff888143bdc13b R11: ffff888125b1cbc0 R12: ffff888143bdc000\n R13: 0000000000007000 R14: ffff888125b1cba8 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff88881e500000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f3ed85223d5 CR3: 00000001519b4005 CR4: 00000000001706e0\n Call Trace:\n \u003cTASK\u003e\n ? die_addr+0x3c/0xa0\n ? exc_general_protection+0x148/0x220\n ? asm_exc_general_protection+0x22/0x30\n ? btrfs_zone_finish_endio.part.0+0x34/0x160 [btrfs]\n ? btrfs_zone_finish_endio.part.0+0x19/0x160 [btrfs]\n btrfs_finish_one_ordered+0x7b8/0x1de0 [btrfs]\n ? rcu_is_watching+0x11/0xb0\n ? lock_release+0x47a/0x620\n ? btrfs_finish_ordered_zoned+0x59b/0x800 [btrfs]\n ? __pfx_btrfs_finish_one_ordered+0x10/0x10 [btrfs]\n ? btrfs_finish_ordered_zoned+0x358/0x800 [btrfs]\n ? __smp_call_single_queue+0x124/0x350\n ? rcu_is_watching+0x11/0xb0\n btrfs_work_helper+0x19f/0xc60 [btrfs]\n ? __pfx_try_to_wake_up+0x10/0x10\n ? _raw_spin_unlock_irq+0x24/0x50\n ? rcu_is_watching+0x11/0xb0\n process_one_work+0x8c1/0x1430\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? __pfx_do_raw_spin_lock+0x10/0x10\n ? _raw_spin_lock_irq+0x52/0x60\n worker_thread+0x100/0x12c0\n ? __kthread_parkme+0xc1/0x1f0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x2ea/0x3c0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x30/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nOn the zoned mode, writing to pre-allocated region means data relocation\nwrite. Such write always uses WRITE command so there is no need of splitting\nand rewriting logical address. Thus, we can just skip the function for the\ncase.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54080",
"url": "https://www.suse.com/security/cve/CVE-2023-54080"
},
{
"category": "external",
"summary": "SUSE Bug 1256367 for CVE-2023-54080",
"url": "https://bugzilla.suse.com/1256367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54080"
},
{
"cve": "CVE-2023-54081",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54081"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: speed up grant-table reclaim\n\nWhen a grant entry is still in use by the remote domain, Linux must put\nit on a deferred list. Normally, this list is very short, because\nthe PV network and block protocols expect the backend to unmap the grant\nfirst. However, Qubes OS\u0027s GUI protocol is subject to the constraints\nof the X Window System, and as such winds up with the frontend unmapping\nthe window first. As a result, the list can grow very large, resulting\nin a massive memory leak and eventual VM freeze.\n\nTo partially solve this problem, make the number of entries that the VM\nwill attempt to free at each iteration tunable. The default is still\n10, but it can be overridden via a module parameter.\n\nThis is Cc: stable because (when combined with appropriate userspace\nchanges) it fixes a severe performance and stability problem for Qubes\nOS users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54081",
"url": "https://www.suse.com/security/cve/CVE-2023-54081"
},
{
"category": "external",
"summary": "SUSE Bug 1256361 for CVE-2023-54081",
"url": "https://bugzilla.suse.com/1256361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54081"
},
{
"cve": "CVE-2023-54083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: tegra: xusb: Clear the driver reference in usb-phy dev\n\nFor the dual-role port, it will assign the phy dev to usb-phy dev and\nuse the port dev driver as the dev driver of usb-phy.\n\nWhen we try to destroy the port dev, it will destroy its dev driver\nas well. But we did not remove the reference from usb-phy dev. This\nmight cause the use-after-free issue in KASAN.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54083",
"url": "https://www.suse.com/security/cve/CVE-2023-54083"
},
{
"category": "external",
"summary": "SUSE Bug 1256368 for CVE-2023-54083",
"url": "https://bugzilla.suse.com/1256368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54083"
},
{
"cve": "CVE-2023-54088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: hold queue_lock when removing blkg-\u003eq_node\n\nWhen blkg is removed from q-\u003eblkg_list from blkg_free_workfn(), queue_lock\nhas to be held, otherwise, all kinds of bugs(list corruption, hard lockup,\n..) can be triggered from blkg_destroy_all().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54088",
"url": "https://www.suse.com/security/cve/CVE-2023-54088"
},
{
"category": "external",
"summary": "SUSE Bug 1256263 for CVE-2023-54088",
"url": "https://bugzilla.suse.com/1256263"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54088"
},
{
"cve": "CVE-2023-54089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_pmem: add the missing REQ_OP_WRITE for flush bio\n\nWhen doing mkfs.xfs on a pmem device, the following warning was\n\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 384 at block/blk-core.c:751 submit_bio_noacct\n Modules linked in:\n CPU: 2 PID: 384 Comm: mkfs.xfs Not tainted 6.4.0-rc7+ #154\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n RIP: 0010:submit_bio_noacct+0x340/0x520\n ......\n Call Trace:\n \u003cTASK\u003e\n ? submit_bio_noacct+0xd5/0x520\n submit_bio+0x37/0x60\n async_pmem_flush+0x79/0xa0\n nvdimm_flush+0x17/0x40\n pmem_submit_bio+0x370/0x390\n __submit_bio+0xbc/0x190\n submit_bio_noacct_nocheck+0x14d/0x370\n submit_bio_noacct+0x1ef/0x520\n submit_bio+0x55/0x60\n submit_bio_wait+0x5a/0xc0\n blkdev_issue_flush+0x44/0x60\n\nThe root cause is that submit_bio_noacct() needs bio_op() is either\nWRITE or ZONE_APPEND for flush bio and async_pmem_flush() doesn\u0027t assign\nREQ_OP_WRITE when allocating flush bio, so submit_bio_noacct just fail\nthe flush bio.\n\nSimply fix it by adding the missing REQ_OP_WRITE for flush bio. And we\ncould fix the flush order issue and do flush optimization later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54089",
"url": "https://www.suse.com/security/cve/CVE-2023-54089"
},
{
"category": "external",
"summary": "SUSE Bug 1256268 for CVE-2023-54089",
"url": "https://bugzilla.suse.com/1256268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54089"
},
{
"cve": "CVE-2023-54091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54091"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: Fix memory leak in drm_client_target_cloned\n\ndmt_mode is allocated and never freed in this function.\nIt was found with the ast driver, but most drivers using generic fbdev\nsetup are probably affected.\n\nThis fixes the following kmemleak report:\n backtrace:\n [\u003c00000000b391296d\u003e] drm_mode_duplicate+0x45/0x220 [drm]\n [\u003c00000000e45bb5b3\u003e] drm_client_target_cloned.constprop.0+0x27b/0x480 [drm]\n [\u003c00000000ed2d3a37\u003e] drm_client_modeset_probe+0x6bd/0xf50 [drm]\n [\u003c0000000010e5cc9d\u003e] __drm_fb_helper_initial_config_and_unlock+0xb4/0x2c0 [drm_kms_helper]\n [\u003c00000000909f82ca\u003e] drm_fbdev_client_hotplug+0x2bc/0x4d0 [drm_kms_helper]\n [\u003c00000000063a69aa\u003e] drm_client_register+0x169/0x240 [drm]\n [\u003c00000000a8c61525\u003e] ast_pci_probe+0x142/0x190 [ast]\n [\u003c00000000987f19bb\u003e] local_pci_probe+0xdc/0x180\n [\u003c000000004fca231b\u003e] work_for_cpu_fn+0x4e/0xa0\n [\u003c0000000000b85301\u003e] process_one_work+0x8b7/0x1540\n [\u003c000000003375b17c\u003e] worker_thread+0x70a/0xed0\n [\u003c00000000b0d43cd9\u003e] kthread+0x29f/0x340\n [\u003c000000008d770833\u003e] ret_from_fork+0x1f/0x30\nunreferenced object 0xff11000333089a00 (size 128):",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54091",
"url": "https://www.suse.com/security/cve/CVE-2023-54091"
},
{
"category": "external",
"summary": "SUSE Bug 1256274 for CVE-2023-54091",
"url": "https://bugzilla.suse.com/1256274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "low"
}
],
"title": "CVE-2023-54091"
},
{
"cve": "CVE-2023-54092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54092"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: pv: fix index value of replaced ASCE\n\nThe index field of the struct page corresponding to a guest ASCE should\nbe 0. When replacing the ASCE in s390_replace_asce(), the index of the\nnew ASCE should also be set to 0.\n\nHaving the wrong index might lead to the wrong addresses being passed\naround when notifying pte invalidations, and eventually to validity\nintercepts (VM crash) if the prefix gets unmapped and the notifier gets\ncalled with the wrong address.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54092",
"url": "https://www.suse.com/security/cve/CVE-2023-54092"
},
{
"category": "external",
"summary": "SUSE Bug 1256370 for CVE-2023-54092",
"url": "https://bugzilla.suse.com/1256370"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54092"
},
{
"cve": "CVE-2023-54093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: anysee: fix null-ptr-deref in anysee_master_xfer\n\nIn anysee_master_xfer, msg is controlled by user. When msg[i].buf\nis null and msg[i].len is zero, former checks on msg[i].buf would be\npassed. Malicious data finally reach anysee_master_xfer. If accessing\nmsg[i].buf[0] without sanity check, null ptr deref would happen.\nWe add check on msg[i].len to prevent crash.\n\nSimilar commit:\ncommit 0ed554fd769a\n(\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")\n\n[hverkuil: add spaces around +]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54093",
"url": "https://www.suse.com/security/cve/CVE-2023-54093"
},
{
"category": "external",
"summary": "SUSE Bug 1256273 for CVE-2023-54093",
"url": "https://bugzilla.suse.com/1256273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54093"
},
{
"cve": "CVE-2023-54094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54094"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: prevent skb corruption on frag list segmentation\n\nIan reported several skb corruptions triggered by rx-gro-list,\ncollecting different oops alike:\n\n[ 62.624003] BUG: kernel NULL pointer dereference, address: 00000000000000c0\n[ 62.631083] #PF: supervisor read access in kernel mode\n[ 62.636312] #PF: error_code(0x0000) - not-present page\n[ 62.641541] PGD 0 P4D 0\n[ 62.644174] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 62.648629] CPU: 1 PID: 913 Comm: napi/eno2-79 Not tainted 6.4.0 #364\n[ 62.655162] Hardware name: Supermicro Super Server/A2SDi-12C-HLN4F, BIOS 1.7a 10/13/2022\n[ 62.663344] RIP: 0010:__udp_gso_segment (./include/linux/skbuff.h:2858\n./include/linux/udp.h:23 net/ipv4/udp_offload.c:228 net/ipv4/udp_offload.c:261\nnet/ipv4/udp_offload.c:277)\n[ 62.687193] RSP: 0018:ffffbd3a83b4f868 EFLAGS: 00010246\n[ 62.692515] RAX: 00000000000000ce RBX: 0000000000000000 RCX: 0000000000000000\n[ 62.699743] RDX: ffffa124def8a000 RSI: 0000000000000079 RDI: ffffa125952a14d4\n[ 62.706970] RBP: ffffa124def8a000 R08: 0000000000000022 R09: 00002000001558c9\n[ 62.714199] R10: 0000000000000000 R11: 00000000be554639 R12: 00000000000000e2\n[ 62.721426] R13: ffffa125952a1400 R14: ffffa125952a1400 R15: 00002000001558c9\n[ 62.728654] FS: 0000000000000000(0000) GS:ffffa127efa40000(0000)\nknlGS:0000000000000000\n[ 62.736852] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 62.742702] CR2: 00000000000000c0 CR3: 00000001034b0000 CR4: 00000000003526e0\n[ 62.749948] Call Trace:\n[ 62.752498] \u003cTASK\u003e\n[ 62.779267] inet_gso_segment (net/ipv4/af_inet.c:1398)\n[ 62.787605] skb_mac_gso_segment (net/core/gro.c:141)\n[ 62.791906] __skb_gso_segment (net/core/dev.c:3403 (discriminator 2))\n[ 62.800492] validate_xmit_skb (./include/linux/netdevice.h:4862\nnet/core/dev.c:3659)\n[ 62.804695] validate_xmit_skb_list (net/core/dev.c:3710)\n[ 62.809158] sch_direct_xmit (net/sched/sch_generic.c:330)\n[ 62.813198] __dev_queue_xmit (net/core/dev.c:3805 net/core/dev.c:4210)\nnet/netfilter/core.c:626)\n[ 62.821093] br_dev_queue_push_xmit (net/bridge/br_forward.c:55)\n[ 62.825652] maybe_deliver (net/bridge/br_forward.c:193)\n[ 62.829420] br_flood (net/bridge/br_forward.c:233)\n[ 62.832758] br_handle_frame_finish (net/bridge/br_input.c:215)\n[ 62.837403] br_handle_frame (net/bridge/br_input.c:298\nnet/bridge/br_input.c:416)\n[ 62.851417] __netif_receive_skb_core.constprop.0 (net/core/dev.c:5387)\n[ 62.866114] __netif_receive_skb_list_core (net/core/dev.c:5570)\n[ 62.871367] netif_receive_skb_list_internal (net/core/dev.c:5638\nnet/core/dev.c:5727)\n[ 62.876795] napi_complete_done (./include/linux/list.h:37\n./include/net/gro.h:434 ./include/net/gro.h:429 net/core/dev.c:6067)\n[ 62.881004] ixgbe_poll (drivers/net/ethernet/intel/ixgbe/ixgbe_main.c:3191)\n[ 62.893534] __napi_poll (net/core/dev.c:6498)\n[ 62.897133] napi_threaded_poll (./include/linux/netpoll.h:89\nnet/core/dev.c:6640)\n[ 62.905276] kthread (kernel/kthread.c:379)\n[ 62.913435] ret_from_fork (arch/x86/entry/entry_64.S:314)\n[ 62.917119] \u003c/TASK\u003e\n\nIn the critical scenario, rx-gro-list GRO-ed packets are fed, via a\nbridge, both to the local input path and to an egress device (tun).\n\nThe segmentation of such packets unsafely writes to the cloned skbs\nwith shared heads.\n\nThis change addresses the issue by uncloning as needed the\nto-be-segmented skbs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54094",
"url": "https://www.suse.com/security/cve/CVE-2023-54094"
},
{
"category": "external",
"summary": "SUSE Bug 1256292 for CVE-2023-54094",
"url": "https://bugzilla.suse.com/1256292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54094"
},
{
"cve": "CVE-2023-54095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/iommu: Fix notifiers being shared by PCI and VIO buses\n\nfail_iommu_setup() registers the fail_iommu_bus_notifier struct to both\nPCI and VIO buses. struct notifier_block is a linked list node, so this\ncauses any notifiers later registered to either bus type to also be\nregistered to the other since they share the same node.\n\nThis causes issues in (at least) the vgaarb code, which registers a\nnotifier for PCI buses. pci_notify() ends up being called on a vio\ndevice, converted with to_pci_dev() even though it\u0027s not a PCI device,\nand finally makes a bad access in vga_arbiter_add_pci_device() as\ndiscovered with KASAN:\n\n BUG: KASAN: slab-out-of-bounds in vga_arbiter_add_pci_device+0x60/0xe00\n Read of size 4 at addr c000000264c26fdc by task swapper/0/1\n\n Call Trace:\n dump_stack_lvl+0x1bc/0x2b8 (unreliable)\n print_report+0x3f4/0xc60\n kasan_report+0x244/0x698\n __asan_load4+0xe8/0x250\n vga_arbiter_add_pci_device+0x60/0xe00\n pci_notify+0x88/0x444\n notifier_call_chain+0x104/0x320\n blocking_notifier_call_chain+0xa0/0x140\n device_add+0xac8/0x1d30\n device_register+0x58/0x80\n vio_register_device_node+0x9ac/0xce0\n vio_bus_scan_register_devices+0xc4/0x13c\n __machine_initcall_pseries_vio_device_init+0x94/0xf0\n do_one_initcall+0x12c/0xaa8\n kernel_init_freeable+0xa48/0xba8\n kernel_init+0x64/0x400\n ret_from_kernel_thread+0x5c/0x64\n\nFix this by creating separate notifier_block structs for each bus type.\n\n[mpe: Add #ifdef to fix CONFIG_IBMVIO=n build]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54095",
"url": "https://www.suse.com/security/cve/CVE-2023-54095"
},
{
"category": "external",
"summary": "SUSE Bug 1256271 for CVE-2023-54095",
"url": "https://bugzilla.suse.com/1256271"
},
{
"category": "external",
"summary": "SUSE Bug 1256272 for CVE-2023-54095",
"url": "https://bugzilla.suse.com/1256272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54095"
},
{
"cve": "CVE-2023-54096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoundwire: fix enumeration completion\n\nThe soundwire subsystem uses two completion structures that allow\ndrivers to wait for soundwire device to become enumerated on the bus and\ninitialised by their drivers, respectively.\n\nThe code implementing the signalling is currently broken as it does not\nsignal all current and future waiters and also uses the wrong\nreinitialisation function, which can potentially lead to memory\ncorruption if there are still waiters on the queue.\n\nNot signalling future waiters specifically breaks sound card probe\ndeferrals as codec drivers can not tell that the soundwire device is\nalready attached when being reprobed. Some codec runtime PM\nimplementations suffer from similar problems as waiting for enumeration\nduring resume can also timeout despite the device already having been\nenumerated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54096",
"url": "https://www.suse.com/security/cve/CVE-2023-54096"
},
{
"category": "external",
"summary": "SUSE Bug 1256178 for CVE-2023-54096",
"url": "https://bugzilla.suse.com/1256178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54096"
},
{
"cve": "CVE-2023-54099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54099"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Protect reconfiguration of sb read-write from racing writes\n\nThe reconfigure / remount code takes a lot of effort to protect\nfilesystem\u0027s reconfiguration code from racing writes on remounting\nread-only. However during remounting read-only filesystem to read-write\nmode userspace writes can start immediately once we clear SB_RDONLY\nflag. This is inconvenient for example for ext4 because we need to do\nsome writes to the filesystem (such as preparation of quota files)\nbefore we can take userspace writes so we are clearing SB_RDONLY flag\nbefore we are fully ready to accept userpace writes and syzbot has found\na way to exploit this [1]. Also as far as I\u0027m reading the code\nthe filesystem remount code was protected from racing writes in the\nlegacy mount path by the mount\u0027s MNT_READONLY flag so this is relatively\nnew problem. It is actually fairly easy to protect remount read-write\nfrom racing writes using sb-\u003es_readonly_remount flag so let\u0027s just do\nthat instead of having to workaround these races in the filesystem code.\n\n[1] https://lore.kernel.org/all/00000000000006a0df05f6667499@google.com/T/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54099",
"url": "https://www.suse.com/security/cve/CVE-2023-54099"
},
{
"category": "external",
"summary": "SUSE Bug 1256197 for CVE-2023-54099",
"url": "https://bugzilla.suse.com/1256197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54099"
},
{
"cve": "CVE-2023-54101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54101"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver: soc: xilinx: use _safe loop iterator to avoid a use after free\n\nThe hash_for_each_possible() loop dereferences \"eve_data\" to get the\nnext item on the list. However the loop frees eve_data so it leads to\na use after free. Use hash_for_each_possible_safe() instead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54101",
"url": "https://www.suse.com/security/cve/CVE-2023-54101"
},
{
"category": "external",
"summary": "SUSE Bug 1256153 for CVE-2023-54101",
"url": "https://bugzilla.suse.com/1256153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54101"
},
{
"cve": "CVE-2023-54104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54104"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op()\n\n\u0027op-cs\u0027 is copied in \u0027fun-\u003emchip_number\u0027 which is used to access the\n\u0027mchip_offsets\u0027 and the \u0027rnb_gpio\u0027 arrays.\nThese arrays have NAND_MAX_CHIPS elements, so the index must be below this\nlimit.\n\nFix the sanity check in order to avoid the NAND_MAX_CHIPS value. This\nwould lead to out-of-bound accesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54104",
"url": "https://www.suse.com/security/cve/CVE-2023-54104"
},
{
"category": "external",
"summary": "SUSE Bug 1256145 for CVE-2023-54104",
"url": "https://bugzilla.suse.com/1256145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54104"
},
{
"cve": "CVE-2023-54106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54106"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: fix potential memory leak in mlx5e_init_rep_rx\n\nThe memory pointed to by the priv-\u003erx_res pointer is not freed in the error\npath of mlx5e_init_rep_rx, which can lead to a memory leak. Fix by freeing\nthe memory in the error path, thereby making the error path identical to\nmlx5e_cleanup_rep_rx().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54106",
"url": "https://www.suse.com/security/cve/CVE-2023-54106"
},
{
"category": "external",
"summary": "SUSE Bug 1256358 for CVE-2023-54106",
"url": "https://bugzilla.suse.com/1256358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54106"
},
{
"cve": "CVE-2023-54112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54112"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: Fix memory leak in error path of kcm_sendmsg()\n\nsyzbot reported a memory leak like below:\n\nBUG: memory leak\nunreferenced object 0xffff88810b088c00 (size 240):\n comm \"syz-executor186\", pid 5012, jiffies 4294943306 (age 13.680s)\n hex dump (first 32 bytes):\n 00 89 08 0b 81 88 ff ff 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003cffffffff83e5d5ff\u003e] __alloc_skb+0x1ef/0x230 net/core/skbuff.c:634\n [\u003cffffffff84606e59\u003e] alloc_skb include/linux/skbuff.h:1289 [inline]\n [\u003cffffffff84606e59\u003e] kcm_sendmsg+0x269/0x1050 net/kcm/kcmsock.c:815\n [\u003cffffffff83e479c6\u003e] sock_sendmsg_nosec net/socket.c:725 [inline]\n [\u003cffffffff83e479c6\u003e] sock_sendmsg+0x56/0xb0 net/socket.c:748\n [\u003cffffffff83e47f55\u003e] ____sys_sendmsg+0x365/0x470 net/socket.c:2494\n [\u003cffffffff83e4c389\u003e] ___sys_sendmsg+0xc9/0x130 net/socket.c:2548\n [\u003cffffffff83e4c536\u003e] __sys_sendmsg+0xa6/0x120 net/socket.c:2577\n [\u003cffffffff84ad7bb8\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n [\u003cffffffff84ad7bb8\u003e] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80\n [\u003cffffffff84c0008b\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nIn kcm_sendmsg(), kcm_tx_msg(head)-\u003elast_skb is used as a cursor to append\nnewly allocated skbs to \u0027head\u0027. If some bytes are copied, an error occurred,\nand jumped to out_error label, \u0027last_skb\u0027 is left unmodified. A later\nkcm_sendmsg() will use an obsoleted \u0027last_skb\u0027 reference, corrupting the\n\u0027head\u0027 frag_list and causing the leak.\n\nThis patch fixes this issue by properly updating the last allocated skb in\n\u0027last_skb\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54112",
"url": "https://www.suse.com/security/cve/CVE-2023-54112"
},
{
"category": "external",
"summary": "SUSE Bug 1256354 for CVE-2023-54112",
"url": "https://bugzilla.suse.com/1256354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54112"
},
{
"cve": "CVE-2023-54113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54113"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu: dump vmalloc memory info safely\n\nCurrently, for double invoke call_rcu(), will dump rcu_head objects memory\ninfo, if the objects is not allocated from the slab allocator, the\nvmalloc_dump_obj() will be invoke and the vmap_area_lock spinlock need to\nbe held, since the call_rcu() can be invoked in interrupt context,\ntherefore, there is a possibility of spinlock deadlock scenarios.\n\nAnd in Preempt-RT kernel, the rcutorture test also trigger the following\nlockdep warning:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1, name: swapper/0\npreempt_count: 1, expected: 0\nRCU nest depth: 1, expected: 1\n3 locks held by swapper/0/1:\n #0: ffffffffb534ee80 (fullstop_mutex){+.+.}-{4:4}, at: torture_init_begin+0x24/0xa0\n #1: ffffffffb5307940 (rcu_read_lock){....}-{1:3}, at: rcu_torture_init+0x1ec7/0x2370\n #2: ffffffffb536af40 (vmap_area_lock){+.+.}-{3:3}, at: find_vmap_area+0x1f/0x70\nirq event stamp: 565512\nhardirqs last enabled at (565511): [\u003cffffffffb379b138\u003e] __call_rcu_common+0x218/0x940\nhardirqs last disabled at (565512): [\u003cffffffffb5804262\u003e] rcu_torture_init+0x20b2/0x2370\nsoftirqs last enabled at (399112): [\u003cffffffffb36b2586\u003e] __local_bh_enable_ip+0x126/0x170\nsoftirqs last disabled at (399106): [\u003cffffffffb43fef59\u003e] inet_register_protosw+0x9/0x1d0\nPreemption disabled at:\n[\u003cffffffffb58040c3\u003e] rcu_torture_init+0x1f13/0x2370\nCPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 6.5.0-rc4-rt2-yocto-preempt-rt+ #15\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x68/0xb0\n dump_stack+0x14/0x20\n __might_resched+0x1aa/0x280\n ? __pfx_rcu_torture_err_cb+0x10/0x10\n rt_spin_lock+0x53/0x130\n ? find_vmap_area+0x1f/0x70\n find_vmap_area+0x1f/0x70\n vmalloc_dump_obj+0x20/0x60\n mem_dump_obj+0x22/0x90\n __call_rcu_common+0x5bf/0x940\n ? debug_smp_processor_id+0x1b/0x30\n call_rcu_hurry+0x14/0x20\n rcu_torture_init+0x1f82/0x2370\n ? __pfx_rcu_torture_leak_cb+0x10/0x10\n ? __pfx_rcu_torture_leak_cb+0x10/0x10\n ? __pfx_rcu_torture_init+0x10/0x10\n do_one_initcall+0x6c/0x300\n ? debug_smp_processor_id+0x1b/0x30\n kernel_init_freeable+0x2b9/0x540\n ? __pfx_kernel_init+0x10/0x10\n kernel_init+0x1f/0x150\n ret_from_fork+0x40/0x50\n ? __pfx_kernel_init+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nThe previous patch fixes this by using the deadlock-safe best-effort\nversion of find_vm_area. However, in case of failure print the fact that\nthe pointer was a vmalloc pointer so that we print at least something.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54113",
"url": "https://www.suse.com/security/cve/CVE-2023-54113"
},
{
"category": "external",
"summary": "SUSE Bug 1256351 for CVE-2023-54113",
"url": "https://bugzilla.suse.com/1256351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54113"
},
{
"cve": "CVE-2023-54115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db()\n\nWhen nonstatic_release_resource_db() frees all resources associated\nwith an PCMCIA socket, it forgets to free socket_data too, causing\na memory leak observable with kmemleak:\n\nunreferenced object 0xc28d1000 (size 64):\n comm \"systemd-udevd\", pid 297, jiffies 4294898478 (age 194.484s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 f0 85 0e c3 00 00 00 00 ................\n 00 00 00 00 0c 10 8d c2 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003cffda4245\u003e] __kmem_cache_alloc_node+0x2d7/0x4a0\n [\u003c7e51f0c8\u003e] kmalloc_trace+0x31/0xa4\n [\u003cd52b4ca0\u003e] nonstatic_init+0x24/0x1a4 [pcmcia_rsrc]\n [\u003ca2f13e08\u003e] pcmcia_register_socket+0x200/0x35c [pcmcia_core]\n [\u003ca728be1b\u003e] yenta_probe+0x4d8/0xa70 [yenta_socket]\n [\u003cc48fac39\u003e] pci_device_probe+0x99/0x194\n [\u003c84b7c690\u003e] really_probe+0x181/0x45c\n [\u003c8060fe6e\u003e] __driver_probe_device+0x75/0x1f4\n [\u003cb9b76f43\u003e] driver_probe_device+0x28/0xac\n [\u003c648b766f\u003e] __driver_attach+0xeb/0x1e4\n [\u003c6e9659eb\u003e] bus_for_each_dev+0x61/0xb4\n [\u003c25a669f3\u003e] driver_attach+0x1e/0x28\n [\u003cd8671d6b\u003e] bus_add_driver+0x102/0x20c\n [\u003cdf0d323c\u003e] driver_register+0x5b/0x120\n [\u003c942cd8a4\u003e] __pci_register_driver+0x44/0x4c\n [\u003ce536027e\u003e] __UNIQUE_ID___addressable_cleanup_module188+0x1c/0xfffff000 [iTCO_vendor_support]\n\nFix this by freeing socket_data too.\n\nTested on a Acer Travelmate 4002WLMi by manually binding/unbinding\nthe yenta_cardbus driver (yenta_socket).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54115",
"url": "https://www.suse.com/security/cve/CVE-2023-54115"
},
{
"category": "external",
"summary": "SUSE Bug 1256121 for CVE-2023-54115",
"url": "https://bugzilla.suse.com/1256121"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54115"
},
{
"cve": "CVE-2023-54117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54117"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dcssblk: fix kernel crash with list_add corruption\n\nCommit fb08a1908cb1 (\"dax: simplify the dax_device \u003c-\u003e gendisk\nassociation\") introduced new logic for gendisk association, requiring\ndrivers to explicitly call dax_add_host() and dax_remove_host().\n\nFor dcssblk driver, some dax_remove_host() calls were missing, e.g. in\ndevice remove path. The commit also broke error handling for out_dax case\nin device add path, resulting in an extra put_device() w/o the previous\nget_device() in that case.\n\nThis lead to stale xarray entries after device add / remove cycles. In the\ncase when a previously used struct gendisk pointer (xarray index) would be\nused again, because blk_alloc_disk() happened to return such a pointer, the\nxa_insert() in dax_add_host() would fail and go to out_dax, doing the extra\nput_device() in the error path. In combination with an already flawed error\nhandling in dcssblk (device_register() cleanup), which needs to be\naddressed in a separate patch, this resulted in a missing device_del() /\nklist_del(), and eventually in the kernel crash with list_add corruption on\na subsequent device_add() / klist_add().\n\nFix this by adding the missing dax_remove_host() calls, and also move the\nput_device() in the error path to restore the previous logic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54117",
"url": "https://www.suse.com/security/cve/CVE-2023-54117"
},
{
"category": "external",
"summary": "SUSE Bug 1256348 for CVE-2023-54117",
"url": "https://bugzilla.suse.com/1256348"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54117"
},
{
"cve": "CVE-2023-54121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54121"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix incorrect splitting in btrfs_drop_extent_map_range\n\nIn production we were seeing a variety of WARN_ON()\u0027s in the extent_map\ncode, specifically in btrfs_drop_extent_map_range() when we have to call\nadd_extent_mapping() for our second split.\n\nConsider the following extent map layout\n\n\tPINNED\n\t[0 16K) [32K, 48K)\n\nand then we call btrfs_drop_extent_map_range for [0, 36K), with\nskip_pinned == true. The initial loop will have\n\n\tstart = 0\n\tend = 36K\n\tlen = 36K\n\nwe will find the [0, 16k) extent, but since we are pinned we will skip\nit, which has this code\n\n\tstart = em_end;\n\tif (end != (u64)-1)\n\t\tlen = start + len - em_end;\n\nem_end here is 16K, so now the values are\n\n\tstart = 16K\n\tlen = 16K + 36K - 16K = 36K\n\nlen should instead be 20K. This is a problem when we find the next\nextent at [32K, 48K), we need to split this extent to leave [36K, 48k),\nhowever the code for the split looks like this\n\n\tsplit-\u003estart = start + len;\n\tsplit-\u003elen = em_end - (start + len);\n\nIn this case we have\n\n\tem_end = 48K\n\tsplit-\u003estart = 16K + 36K // this should be 16K + 20K\n\tsplit-\u003elen = 48K - (16K + 36K) // this overflows as 16K + 36K is 52K\n\nand now we have an invalid extent_map in the tree that potentially\noverlaps other entries in the extent map. Even in the non-overlapping\ncase we will have split-\u003estart set improperly, which will cause problems\nwith any block related calculations.\n\nWe don\u0027t actually need len in this loop, we can simply use end as our\nend point, and only adjust start up when we find a pinned extent we need\nto skip.\n\nAdjust the logic to do this, which keeps us from inserting an invalid\nextent map.\n\nWe only skip_pinned in the relocation case, so this is relatively rare,\nexcept in the case where you are running relocation a lot, which can\nhappen with auto relocation on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54121",
"url": "https://www.suse.com/security/cve/CVE-2023-54121"
},
{
"category": "external",
"summary": "SUSE Bug 1256267 for CVE-2023-54121",
"url": "https://bugzilla.suse.com/1256267"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54121"
},
{
"cve": "CVE-2023-54125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Return error for inconsistent extended attributes\n\nntfs_read_ea is called when we want to read extended attributes. There\nare some sanity checks for the validity of the EAs. However, it fails to\nreturn a proper error code for the inconsistent attributes, which might\nlead to unpredicted memory accesses after return.\n\n[ 138.916927] BUG: KASAN: use-after-free in ntfs_set_ea+0x453/0xbf0\n[ 138.923876] Write of size 4 at addr ffff88800205cfac by task poc/199\n[ 138.931132]\n[ 138.933016] CPU: 0 PID: 199 Comm: poc Not tainted 6.2.0-rc1+ #4\n[ 138.938070] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n[ 138.947327] Call Trace:\n[ 138.949557] \u003cTASK\u003e\n[ 138.951539] dump_stack_lvl+0x4d/0x67\n[ 138.956834] print_report+0x16f/0x4a6\n[ 138.960798] ? ntfs_set_ea+0x453/0xbf0\n[ 138.964437] ? kasan_complete_mode_report_info+0x7d/0x200\n[ 138.969793] ? ntfs_set_ea+0x453/0xbf0\n[ 138.973523] kasan_report+0xb8/0x140\n[ 138.976740] ? ntfs_set_ea+0x453/0xbf0\n[ 138.980578] __asan_store4+0x76/0xa0\n[ 138.984669] ntfs_set_ea+0x453/0xbf0\n[ 138.988115] ? __pfx_ntfs_set_ea+0x10/0x10\n[ 138.993390] ? kernel_text_address+0xd3/0xe0\n[ 138.998270] ? __kernel_text_address+0x16/0x50\n[ 139.002121] ? unwind_get_return_address+0x3e/0x60\n[ 139.005659] ? __pfx_stack_trace_consume_entry+0x10/0x10\n[ 139.010177] ? arch_stack_walk+0xa2/0x100\n[ 139.013657] ? filter_irq_stacks+0x27/0x80\n[ 139.017018] ntfs_setxattr+0x405/0x440\n[ 139.022151] ? __pfx_ntfs_setxattr+0x10/0x10\n[ 139.026569] ? kvmalloc_node+0x2d/0x120\n[ 139.030329] ? kasan_save_stack+0x41/0x60\n[ 139.033883] ? kasan_save_stack+0x2a/0x60\n[ 139.037338] ? kasan_set_track+0x29/0x40\n[ 139.040163] ? kasan_save_alloc_info+0x1f/0x30\n[ 139.043588] ? __kasan_kmalloc+0x8b/0xa0\n[ 139.047255] ? __kmalloc_node+0x68/0x150\n[ 139.051264] ? kvmalloc_node+0x2d/0x120\n[ 139.055301] ? vmemdup_user+0x2b/0xa0\n[ 139.058584] __vfs_setxattr+0x121/0x170\n[ 139.062617] ? __pfx___vfs_setxattr+0x10/0x10\n[ 139.066282] __vfs_setxattr_noperm+0x97/0x300\n[ 139.070061] __vfs_setxattr_locked+0x145/0x170\n[ 139.073580] vfs_setxattr+0x137/0x2a0\n[ 139.076641] ? __pfx_vfs_setxattr+0x10/0x10\n[ 139.080223] ? __kasan_check_write+0x18/0x20\n[ 139.084234] do_setxattr+0xce/0x150\n[ 139.087768] setxattr+0x126/0x140\n[ 139.091250] ? __pfx_setxattr+0x10/0x10\n[ 139.094948] ? __virt_addr_valid+0xcb/0x140\n[ 139.097838] ? __call_rcu_common.constprop.0+0x1c7/0x330\n[ 139.102688] ? debug_smp_processor_id+0x1b/0x30\n[ 139.105985] ? kasan_quarantine_put+0x5b/0x190\n[ 139.109980] ? putname+0x84/0xa0\n[ 139.113886] ? __kasan_slab_free+0x11e/0x1b0\n[ 139.117961] ? putname+0x84/0xa0\n[ 139.121316] ? preempt_count_sub+0x1c/0xd0\n[ 139.124427] ? __mnt_want_write+0xae/0x100\n[ 139.127836] ? mnt_want_write+0x8f/0x150\n[ 139.130954] path_setxattr+0x164/0x180\n[ 139.133998] ? __pfx_path_setxattr+0x10/0x10\n[ 139.137853] ? __pfx_ksys_pwrite64+0x10/0x10\n[ 139.141299] ? debug_smp_processor_id+0x1b/0x30\n[ 139.145714] ? fpregs_assert_state_consistent+0x6b/0x80\n[ 139.150796] __x64_sys_setxattr+0x71/0x90\n[ 139.155407] do_syscall_64+0x3f/0x90\n[ 139.159035] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n[ 139.163843] RIP: 0033:0x7f108cae4469\n[ 139.166481] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 088\n[ 139.183764] RSP: 002b:00007fff87588388 EFLAGS: 00000286 ORIG_RAX: 00000000000000bc\n[ 139.190657] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f108cae4469\n[ 139.196586] RDX: 00007fff875883b0 RSI: 00007fff875883d1 RDI: 00007fff875883b6\n[ 139.201716] RBP: 00007fff8758c530 R08: 0000000000000001 R09: 00007fff8758c618\n[ 139.207940] R10: 0000000000000006 R11: 0000000000000286 R12: 00000000004004c0\n[ 139.214007] R13: 00007fff8758c610 R14: 0000000000000000 R15\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54125",
"url": "https://www.suse.com/security/cve/CVE-2023-54125"
},
{
"category": "external",
"summary": "SUSE Bug 1256117 for CVE-2023-54125",
"url": "https://bugzilla.suse.com/1256117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54125"
},
{
"cve": "CVE-2023-54127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54127"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()\n\nSyzkaller reported the following issue:\n==================================================================\nBUG: KASAN: double-free in slab_free mm/slub.c:3787 [inline]\nBUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3800\nFree of addr ffff888086408000 by task syz-executor.4/12750\n[...]\nCall Trace:\n \u003cTASK\u003e\n[...]\n kasan_report_invalid_free+0xac/0xd0 mm/kasan/report.c:482\n ____kasan_slab_free+0xfb/0x120\n kasan_slab_free include/linux/kasan.h:177 [inline]\n slab_free_hook mm/slub.c:1781 [inline]\n slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1807\n slab_free mm/slub.c:3787 [inline]\n __kmem_cache_free+0x71/0x110 mm/slub.c:3800\n dbUnmount+0xf4/0x110 fs/jfs/jfs_dmap.c:264\n jfs_umount+0x248/0x3b0 fs/jfs/jfs_umount.c:87\n jfs_put_super+0x86/0x190 fs/jfs/super.c:194\n generic_shutdown_super+0x130/0x310 fs/super.c:492\n kill_block_super+0x79/0xd0 fs/super.c:1386\n deactivate_locked_super+0xa7/0xf0 fs/super.c:332\n cleanup_mnt+0x494/0x520 fs/namespace.c:1291\n task_work_run+0x243/0x300 kernel/task_work.c:179\n resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]\n exit_to_user_mode_loop+0x124/0x150 kernel/entry/common.c:171\n exit_to_user_mode_prepare+0xb2/0x140 kernel/entry/common.c:203\n __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]\n syscall_exit_to_user_mode+0x26/0x60 kernel/entry/common.c:296\n do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[...]\n \u003c/TASK\u003e\n\nAllocated by task 13352:\n kasan_save_stack mm/kasan/common.c:45 [inline]\n kasan_set_track+0x3d/0x60 mm/kasan/common.c:52\n ____kasan_kmalloc mm/kasan/common.c:371 [inline]\n __kasan_kmalloc+0x97/0xb0 mm/kasan/common.c:380\n kmalloc include/linux/slab.h:580 [inline]\n dbMount+0x54/0x980 fs/jfs/jfs_dmap.c:164\n jfs_mount+0x1dd/0x830 fs/jfs/jfs_mount.c:121\n jfs_fill_super+0x590/0xc50 fs/jfs/super.c:556\n mount_bdev+0x26c/0x3a0 fs/super.c:1359\n legacy_get_tree+0xea/0x180 fs/fs_context.c:610\n vfs_get_tree+0x88/0x270 fs/super.c:1489\n do_new_mount+0x289/0xad0 fs/namespace.c:3145\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFreed by task 13352:\n kasan_save_stack mm/kasan/common.c:45 [inline]\n kasan_set_track+0x3d/0x60 mm/kasan/common.c:52\n kasan_save_free_info+0x27/0x40 mm/kasan/generic.c:518\n ____kasan_slab_free+0xd6/0x120 mm/kasan/common.c:236\n kasan_slab_free include/linux/kasan.h:177 [inline]\n slab_free_hook mm/slub.c:1781 [inline]\n slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1807\n slab_free mm/slub.c:3787 [inline]\n __kmem_cache_free+0x71/0x110 mm/slub.c:3800\n dbUnmount+0xf4/0x110 fs/jfs/jfs_dmap.c:264\n jfs_mount_rw+0x545/0x740 fs/jfs/jfs_mount.c:247\n jfs_remount+0x3db/0x710 fs/jfs/super.c:454\n reconfigure_super+0x3bc/0x7b0 fs/super.c:935\n vfs_fsconfig_locked fs/fsopen.c:254 [inline]\n __do_sys_fsconfig fs/fsopen.c:439 [inline]\n __se_sys_fsconfig+0xad5/0x1060 fs/fsopen.c:314\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[...]\n\nJFS_SBI(ipbmap-\u003ei_sb)-\u003ebmap wasn\u0027t set to NULL after kfree() in\ndbUnmount().\n\nSyzkaller uses faultinject to reproduce this KASAN double-free\nwarning. The issue is triggered if either diMount() or dbMount() fail\nin jfs_remount(), since diUnmount() or dbUnmount() already happened in\nsuch a case - they will do double-free on next execution: jfs_umount\nor jfs_remount.\n\nTested on both upstream and jfs-next by syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54127",
"url": "https://www.suse.com/security/cve/CVE-2023-54127"
},
{
"category": "external",
"summary": "SUSE Bug 1256119 for CVE-2023-54127",
"url": "https://bugzilla.suse.com/1256119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54127"
},
{
"cve": "CVE-2023-54133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54133"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: clean mc addresses in application firmware when closing port\n\nWhen moving devices from one namespace to another, mc addresses are\ncleaned in software while not removed from application firmware. Thus\nthe mc addresses are remained and will cause resource leak.\n\nNow use `__dev_mc_unsync` to clean mc addresses when closing port.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54133",
"url": "https://www.suse.com/security/cve/CVE-2023-54133"
},
{
"category": "external",
"summary": "SUSE Bug 1256104 for CVE-2023-54133",
"url": "https://bugzilla.suse.com/1256104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54133"
},
{
"cve": "CVE-2023-54134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54134"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nautofs: fix memory leak of waitqueues in autofs_catatonic_mode\n\nSyzkaller reports a memory leak:\n\nBUG: memory leak\nunreferenced object 0xffff88810b279e00 (size 96):\n comm \"syz-executor399\", pid 3631, jiffies 4294964921 (age 23.870s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 08 9e 27 0b 81 88 ff ff ..........\u0027.....\n 08 9e 27 0b 81 88 ff ff 00 00 00 00 00 00 00 00 ..\u0027.............\n backtrace:\n [\u003cffffffff814cfc90\u003e] kmalloc_trace+0x20/0x90 mm/slab_common.c:1046\n [\u003cffffffff81bb75ca\u003e] kmalloc include/linux/slab.h:576 [inline]\n [\u003cffffffff81bb75ca\u003e] autofs_wait+0x3fa/0x9a0 fs/autofs/waitq.c:378\n [\u003cffffffff81bb88a7\u003e] autofs_do_expire_multi+0xa7/0x3e0 fs/autofs/expire.c:593\n [\u003cffffffff81bb8c33\u003e] autofs_expire_multi+0x53/0x80 fs/autofs/expire.c:619\n [\u003cffffffff81bb6972\u003e] autofs_root_ioctl_unlocked+0x322/0x3b0 fs/autofs/root.c:897\n [\u003cffffffff81bb6a95\u003e] autofs_root_ioctl+0x25/0x30 fs/autofs/root.c:910\n [\u003cffffffff81602a9c\u003e] vfs_ioctl fs/ioctl.c:51 [inline]\n [\u003cffffffff81602a9c\u003e] __do_sys_ioctl fs/ioctl.c:870 [inline]\n [\u003cffffffff81602a9c\u003e] __se_sys_ioctl fs/ioctl.c:856 [inline]\n [\u003cffffffff81602a9c\u003e] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:856\n [\u003cffffffff84608225\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n [\u003cffffffff84608225\u003e] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n [\u003cffffffff84800087\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nautofs_wait_queue structs should be freed if their wait_ctr becomes zero.\nOtherwise they will be lost.\n\nIn this case an AUTOFS_IOC_EXPIRE_MULTI ioctl is done, then a new\nwaitqueue struct is allocated in autofs_wait(), its initial wait_ctr\nequals 2. After that wait_event_killable() is interrupted (it returns\n-ERESTARTSYS), so that \u0027wq-\u003ename.name == NULL\u0027 condition may be not\nsatisfied. Actually, this condition can be satisfied when\nautofs_wait_release() or autofs_catatonic_mode() is called and, what is\nalso important, wait_ctr is decremented in those places. Upon the exit of\nautofs_wait(), wait_ctr is decremented to 1. Then the unmounting process\nbegins: kill_sb calls autofs_catatonic_mode(), which should have freed the\nwaitqueues, but it only decrements its usage counter to zero which is not\na correct behaviour.\n\nedit:imk\nThis description is of course not correct. The umount performed as a result\nof an expire is a umount of a mount that has been automounted, it\u0027s not the\nautofs mount itself. They happen independently, usually after everything\nmounted within the autofs file system has been expired away. If everything\nhasn\u0027t been expired away the automount daemon can still exit leaving mounts\nin place. But expires done in both cases will result in a notification that\ncalls autofs_wait_release() with a result status. The problem case is the\nsummary execution of of the automount daemon. In this case any waiting\nprocesses won\u0027t be woken up until either they are terminated or the mount\nis umounted.\nend edit: imk\n\nSo in catatonic mode we should free waitqueues which counter becomes zero.\n\nedit: imk\nInitially I was concerned that the calling of autofs_wait_release() and\nautofs_catatonic_mode() was not mutually exclusive but that can\u0027t be the\ncase (obviously) because the queue entry (or entries) is removed from the\nlist when either of these two functions are called. Consequently the wait\nentry will be freed by only one of these functions or by the woken process\nin autofs_wait() depending on the order of the calls.\nend edit: imk",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54134",
"url": "https://www.suse.com/security/cve/CVE-2023-54134"
},
{
"category": "external",
"summary": "SUSE Bug 1256106 for CVE-2023-54134",
"url": "https://bugzilla.suse.com/1256106"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54134"
},
{
"cve": "CVE-2023-54135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54135"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmaple_tree: fix potential out-of-bounds access in mas_wr_end_piv()\n\nCheck the write offset end bounds before using it as the offset into the\npivot array. This avoids a possible out-of-bounds access on the pivot\narray if the write extends to the last slot in the node, in which case the\nnode maximum should be used as the end pivot.\n\nakpm: this doesn\u0027t affect any current callers, but new users of mapletree\nmay encounter this problem if backported into earlier kernels, so let\u0027s\nfix it in -stable kernels in case of this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54135",
"url": "https://www.suse.com/security/cve/CVE-2023-54135"
},
{
"category": "external",
"summary": "SUSE Bug 1256107 for CVE-2023-54135",
"url": "https://bugzilla.suse.com/1256107"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54135"
},
{
"cve": "CVE-2023-54136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54136"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sprd: Fix DMA buffer leak issue\n\nRelease DMA buffer when _probe() returns failure to avoid memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54136",
"url": "https://www.suse.com/security/cve/CVE-2023-54136"
},
{
"category": "external",
"summary": "SUSE Bug 1256099 for CVE-2023-54136",
"url": "https://bugzilla.suse.com/1256099"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54136"
},
{
"cve": "CVE-2023-54137",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54137"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/type1: fix cap_migration information leak\n\nFix an information leak where an uninitialized hole in struct\nvfio_iommu_type1_info_cap_migration on the stack is exposed to userspace.\n\nThe definition of struct vfio_iommu_type1_info_cap_migration contains a hole as\nshown in this pahole(1) output:\n\n struct vfio_iommu_type1_info_cap_migration {\n struct vfio_info_cap_header header; /* 0 8 */\n __u32 flags; /* 8 4 */\n\n /* XXX 4 bytes hole, try to pack */\n\n __u64 pgsize_bitmap; /* 16 8 */\n __u64 max_dirty_bitmap_size; /* 24 8 */\n\n /* size: 32, cachelines: 1, members: 4 */\n /* sum members: 28, holes: 1, sum holes: 4 */\n /* last cacheline: 32 bytes */\n };\n\nThe cap_mig variable is filled in without initializing the hole:\n\n static int vfio_iommu_migration_build_caps(struct vfio_iommu *iommu,\n struct vfio_info_cap *caps)\n {\n struct vfio_iommu_type1_info_cap_migration cap_mig;\n\n cap_mig.header.id = VFIO_IOMMU_TYPE1_INFO_CAP_MIGRATION;\n cap_mig.header.version = 1;\n\n cap_mig.flags = 0;\n /* support minimum pgsize */\n cap_mig.pgsize_bitmap = (size_t)1 \u003c\u003c __ffs(iommu-\u003epgsize_bitmap);\n cap_mig.max_dirty_bitmap_size = DIRTY_BITMAP_SIZE_MAX;\n\n return vfio_info_add_capability(caps, \u0026cap_mig.header, sizeof(cap_mig));\n }\n\nThe structure is then copied to a temporary location on the heap. At this point\nit\u0027s already too late and ioctl(VFIO_IOMMU_GET_INFO) copies it to userspace\nlater:\n\n int vfio_info_add_capability(struct vfio_info_cap *caps,\n struct vfio_info_cap_header *cap, size_t size)\n {\n struct vfio_info_cap_header *header;\n\n header = vfio_info_cap_add(caps, size, cap-\u003eid, cap-\u003eversion);\n if (IS_ERR(header))\n return PTR_ERR(header);\n\n memcpy(header + 1, cap + 1, size - sizeof(*header));\n\n return 0;\n }\n\nThis issue was found by code inspection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54137",
"url": "https://www.suse.com/security/cve/CVE-2023-54137"
},
{
"category": "external",
"summary": "SUSE Bug 1256100 for CVE-2023-54137",
"url": "https://bugzilla.suse.com/1256100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54137"
},
{
"cve": "CVE-2023-54140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse\n\nA syzbot stress test using a corrupted disk image reported that\nmark_buffer_dirty() called from __nilfs_mark_inode_dirty() or\nnilfs_palloc_commit_alloc_entry() may output a kernel warning, and can\npanic if the kernel is booted with panic_on_warn.\n\nThis is because nilfs2 keeps buffer pointers in local structures for some\nmetadata and reuses them, but such buffers may be forcibly discarded by\nnilfs_clear_dirty_page() in some critical situations.\n\nThis issue is reported to appear after commit 28a65b49eb53 (\"nilfs2: do\nnot write dirty data after degenerating to read-only\"), but the issue has\npotentially existed before.\n\nFix this issue by checking the uptodate flag when attempting to reuse an\ninternally held buffer, and reloading the metadata instead of reusing the\nbuffer if the flag was lost.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54140",
"url": "https://www.suse.com/security/cve/CVE-2023-54140"
},
{
"category": "external",
"summary": "SUSE Bug 1256093 for CVE-2023-54140",
"url": "https://bugzilla.suse.com/1256093"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "low"
}
],
"title": "CVE-2023-54140"
},
{
"cve": "CVE-2023-54141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54141"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: Add missing hw_ops-\u003eget_ring_selector() for IPQ5018\n\nDuring sending data after clients connected, hw_ops-\u003eget_ring_selector()\nwill be called. But for IPQ5018, this member isn\u0027t set, and the\nfollowing NULL pointer exception will be occurred:\n\n\t[ 38.840478] 8\u003c--- cut here ---\n\t[ 38.840517] Unable to handle kernel NULL pointer dereference at virtual address 00000000\n\t...\n\t[ 38.923161] PC is at 0x0\n\t[ 38.927930] LR is at ath11k_dp_tx+0x70/0x730 [ath11k]\n\t...\n\t[ 39.063264] Process hostapd (pid: 1034, stack limit = 0x801ceb3d)\n\t[ 39.068994] Stack: (0x856a9a68 to 0x856aa000)\n\t...\n\t[ 39.438467] [\u003c7f323804\u003e] (ath11k_dp_tx [ath11k]) from [\u003c7f314e6c\u003e] (ath11k_mac_op_tx+0x80/0x190 [ath11k])\n\t[ 39.446607] [\u003c7f314e6c\u003e] (ath11k_mac_op_tx [ath11k]) from [\u003c7f17dbe0\u003e] (ieee80211_handle_wake_tx_queue+0x7c/0xc0 [mac80211])\n\t[ 39.456162] [\u003c7f17dbe0\u003e] (ieee80211_handle_wake_tx_queue [mac80211]) from [\u003c7f174450\u003e] (ieee80211_probereq_get+0x584/0x704 [mac80211])\n\t[ 39.467443] [\u003c7f174450\u003e] (ieee80211_probereq_get [mac80211]) from [\u003c7f178c40\u003e] (ieee80211_tx_prepare_skb+0x1f8/0x248 [mac80211])\n\t[ 39.479334] [\u003c7f178c40\u003e] (ieee80211_tx_prepare_skb [mac80211]) from [\u003c7f179e28\u003e] (__ieee80211_subif_start_xmit+0x32c/0x3d4 [mac80211])\n\t[ 39.491053] [\u003c7f179e28\u003e] (__ieee80211_subif_start_xmit [mac80211]) from [\u003c7f17af08\u003e] (ieee80211_tx_control_port+0x19c/0x288 [mac80211])\n\t[ 39.502946] [\u003c7f17af08\u003e] (ieee80211_tx_control_port [mac80211]) from [\u003c7f0fc704\u003e] (nl80211_tx_control_port+0x174/0x1d4 [cfg80211])\n\t[ 39.515017] [\u003c7f0fc704\u003e] (nl80211_tx_control_port [cfg80211]) from [\u003c808ceac4\u003e] (genl_rcv_msg+0x154/0x340)\n\t[ 39.526814] [\u003c808ceac4\u003e] (genl_rcv_msg) from [\u003c808cdb74\u003e] (netlink_rcv_skb+0xb8/0x11c)\n\t[ 39.536446] [\u003c808cdb74\u003e] (netlink_rcv_skb) from [\u003c808ce1d0\u003e] (genl_rcv+0x28/0x34)\n\t[ 39.544344] [\u003c808ce1d0\u003e] (genl_rcv) from [\u003c808cd234\u003e] (netlink_unicast+0x174/0x274)\n\t[ 39.551895] [\u003c808cd234\u003e] (netlink_unicast) from [\u003c808cd510\u003e] (netlink_sendmsg+0x1dc/0x440)\n\t[ 39.559362] [\u003c808cd510\u003e] (netlink_sendmsg) from [\u003c808596e0\u003e] (____sys_sendmsg+0x1a8/0x1fc)\n\t[ 39.567697] [\u003c808596e0\u003e] (____sys_sendmsg) from [\u003c8085b1a8\u003e] (___sys_sendmsg+0xa4/0xdc)\n\t[ 39.575941] [\u003c8085b1a8\u003e] (___sys_sendmsg) from [\u003c8085b310\u003e] (sys_sendmsg+0x44/0x74)\n\t[ 39.583841] [\u003c8085b310\u003e] (sys_sendmsg) from [\u003c80300060\u003e] (ret_fast_syscall+0x0/0x40)\n\t...\n\t[ 39.620734] Code: bad PC value\n\t[ 39.625869] ---[ end trace 8aef983ad3cbc032 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54141",
"url": "https://www.suse.com/security/cve/CVE-2023-54141"
},
{
"category": "external",
"summary": "SUSE Bug 1256094 for CVE-2023-54141",
"url": "https://bugzilla.suse.com/1256094"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54141"
},
{
"cve": "CVE-2023-54142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Fix use-after-free in __gtp_encap_destroy().\n\nsyzkaller reported use-after-free in __gtp_encap_destroy(). [0]\n\nIt shows the same process freed sk and touched it illegally.\n\nCommit e198987e7dd7 (\"gtp: fix suspicious RCU usage\") added lock_sock()\nand release_sock() in __gtp_encap_destroy() to protect sk-\u003esk_user_data,\nbut release_sock() is called after sock_put() releases the last refcnt.\n\n[0]:\nBUG: KASAN: slab-use-after-free in instrument_atomic_read_write include/linux/instrumented.h:96 [inline]\nBUG: KASAN: slab-use-after-free in atomic_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:541 [inline]\nBUG: KASAN: slab-use-after-free in queued_spin_lock include/asm-generic/qspinlock.h:111 [inline]\nBUG: KASAN: slab-use-after-free in do_raw_spin_lock include/linux/spinlock.h:186 [inline]\nBUG: KASAN: slab-use-after-free in __raw_spin_lock_bh include/linux/spinlock_api_smp.h:127 [inline]\nBUG: KASAN: slab-use-after-free in _raw_spin_lock_bh+0x75/0xe0 kernel/locking/spinlock.c:178\nWrite of size 4 at addr ffff88800dbef398 by task syz-executor.2/2401\n\nCPU: 1 PID: 2401 Comm: syz-executor.2 Not tainted 6.4.0-rc5-01219-gfa0e21fa4443 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x72/0xa0 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:351 [inline]\n print_report+0xcc/0x620 mm/kasan/report.c:462\n kasan_report+0xb2/0xe0 mm/kasan/report.c:572\n check_region_inline mm/kasan/generic.c:181 [inline]\n kasan_check_range+0x39/0x1c0 mm/kasan/generic.c:187\n instrument_atomic_read_write include/linux/instrumented.h:96 [inline]\n atomic_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:541 [inline]\n queued_spin_lock include/asm-generic/qspinlock.h:111 [inline]\n do_raw_spin_lock include/linux/spinlock.h:186 [inline]\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:127 [inline]\n _raw_spin_lock_bh+0x75/0xe0 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:355 [inline]\n release_sock+0x1f/0x1a0 net/core/sock.c:3526\n gtp_encap_disable_sock drivers/net/gtp.c:651 [inline]\n gtp_encap_disable+0xb9/0x220 drivers/net/gtp.c:664\n gtp_dev_uninit+0x19/0x50 drivers/net/gtp.c:728\n unregister_netdevice_many_notify+0x97e/0x1520 net/core/dev.c:10841\n rtnl_delete_link net/core/rtnetlink.c:3216 [inline]\n rtnl_dellink+0x3c0/0xb30 net/core/rtnetlink.c:3268\n rtnetlink_rcv_msg+0x450/0xb10 net/core/rtnetlink.c:6423\n netlink_rcv_skb+0x15d/0x450 net/netlink/af_netlink.c:2548\n netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]\n netlink_unicast+0x700/0x930 net/netlink/af_netlink.c:1365\n netlink_sendmsg+0x91c/0xe30 net/netlink/af_netlink.c:1913\n sock_sendmsg_nosec net/socket.c:724 [inline]\n sock_sendmsg+0x1b7/0x200 net/socket.c:747\n ____sys_sendmsg+0x75a/0x990 net/socket.c:2493\n ___sys_sendmsg+0x11d/0x1c0 net/socket.c:2547\n __sys_sendmsg+0xfe/0x1d0 net/socket.c:2576\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3f/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7f1168b1fe5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007f1167edccc8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f1168b1fe5d\nRDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003\nRBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007f1168b80530 R15: 0000000000000000\n \u003c/TASK\u003e\n\nAllocated by task 1483:\n kasan_save_stack+0x22/0x50 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54142",
"url": "https://www.suse.com/security/cve/CVE-2023-54142"
},
{
"category": "external",
"summary": "SUSE Bug 1256095 for CVE-2023-54142",
"url": "https://bugzilla.suse.com/1256095"
},
{
"category": "external",
"summary": "SUSE Bug 1256097 for CVE-2023-54142",
"url": "https://bugzilla.suse.com/1256097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "important"
}
],
"title": "CVE-2023-54142"
},
{
"cve": "CVE-2023-54143",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54143"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: fix resource leaks in vdec_msg_queue_init()\n\nIf we encounter any error in the vdec_msg_queue_init() then we need\nto set \"msg_queue-\u003ewdma_addr.size = 0;\". Normally, this is done\ninside the vdec_msg_queue_deinit() function. However, if the\nfirst call to allocate \u0026msg_queue-\u003ewdma_addr fails, then the\nvdec_msg_queue_deinit() function is a no-op. For that situation, just\nset the size to zero explicitly and return.\n\nThere were two other error paths which did not clean up before returning.\nChange those error paths to goto mem_alloc_err.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54143",
"url": "https://www.suse.com/security/cve/CVE-2023-54143"
},
{
"category": "external",
"summary": "SUSE Bug 1256096 for CVE-2023-54143",
"url": "https://bugzilla.suse.com/1256096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54143"
},
{
"cve": "CVE-2023-54145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log\n\nIt\u0027s trivial for user to trigger \"verifier log line truncated\" warning,\nas verifier has a fixed-sized buffer of 1024 bytes (as of now), and there are at\nleast two pieces of user-provided information that can be output through\nthis buffer, and both can be arbitrarily sized by user:\n - BTF names;\n - BTF.ext source code lines strings.\n\nVerifier log buffer should be properly sized for typical verifier state\noutput. But it\u0027s sort-of expected that this buffer won\u0027t be long enough\nin some circumstances. So let\u0027s drop the check. In any case code will\nwork correctly, at worst truncating a part of a single line output.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54145",
"url": "https://www.suse.com/security/cve/CVE-2023-54145"
},
{
"category": "external",
"summary": "SUSE Bug 1256090 for CVE-2023-54145",
"url": "https://bugzilla.suse.com/1256090"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54145"
},
{
"cve": "CVE-2023-54148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54148"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Move representor neigh cleanup to profile cleanup_tx\n\nFor IP tunnel encapsulation in ECMP (Equal-Cost Multipath) mode, as\nthe flow is duplicated to the peer eswitch, the related neighbour\ninformation on the peer uplink representor is created as well.\n\nIn the cited commit, eswitch devcom unpair is moved to uplink unload\nAPI, specifically the profile-\u003ecleanup_tx. If there is a encap rule\noffloaded in ECMP mode, when one eswitch does unpair (because of\nunloading the driver, for instance), and the peer rule from the peer\neswitch is going to be deleted, the use-after-free error is triggered\nwhile accessing neigh info, as it is already cleaned up in uplink\u0027s\nprofile-\u003edisable, which is before its profile-\u003ecleanup_tx.\n\nTo fix this issue, move the neigh cleanup to profile\u0027s cleanup_tx\ncallback, and after mlx5e_cleanup_uplink_rep_tx is called. The neigh\ninit is moved to init_tx for symmeter.\n\n[ 2453.376299] BUG: KASAN: slab-use-after-free in mlx5e_rep_neigh_entry_release+0x109/0x3a0 [mlx5_core]\n[ 2453.379125] Read of size 4 at addr ffff888127af9008 by task modprobe/2496\n\n[ 2453.381542] CPU: 7 PID: 2496 Comm: modprobe Tainted: G B 6.4.0-rc7+ #15\n[ 2453.383386] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 2453.384335] Call Trace:\n[ 2453.384625] \u003cTASK\u003e\n[ 2453.384891] dump_stack_lvl+0x33/0x50\n[ 2453.385285] print_report+0xc2/0x610\n[ 2453.385667] ? __virt_addr_valid+0xb1/0x130\n[ 2453.386091] ? mlx5e_rep_neigh_entry_release+0x109/0x3a0 [mlx5_core]\n[ 2453.386757] kasan_report+0xae/0xe0\n[ 2453.387123] ? mlx5e_rep_neigh_entry_release+0x109/0x3a0 [mlx5_core]\n[ 2453.387798] mlx5e_rep_neigh_entry_release+0x109/0x3a0 [mlx5_core]\n[ 2453.388465] mlx5e_rep_encap_entry_detach+0xa6/0xe0 [mlx5_core]\n[ 2453.389111] mlx5e_encap_dealloc+0xa7/0x100 [mlx5_core]\n[ 2453.389706] mlx5e_tc_tun_encap_dests_unset+0x61/0xb0 [mlx5_core]\n[ 2453.390361] mlx5_free_flow_attr_actions+0x11e/0x340 [mlx5_core]\n[ 2453.391015] ? complete_all+0x43/0xd0\n[ 2453.391398] ? free_flow_post_acts+0x38/0x120 [mlx5_core]\n[ 2453.392004] mlx5e_tc_del_fdb_flow+0x4ae/0x690 [mlx5_core]\n[ 2453.392618] mlx5e_tc_del_fdb_peers_flow+0x308/0x370 [mlx5_core]\n[ 2453.393276] mlx5e_tc_clean_fdb_peer_flows+0xf5/0x140 [mlx5_core]\n[ 2453.393925] mlx5_esw_offloads_unpair+0x86/0x540 [mlx5_core]\n[ 2453.394546] ? mlx5_esw_offloads_set_ns_peer.isra.0+0x180/0x180 [mlx5_core]\n[ 2453.395268] ? down_write+0xaa/0x100\n[ 2453.395652] mlx5_esw_offloads_devcom_event+0x203/0x530 [mlx5_core]\n[ 2453.396317] mlx5_devcom_send_event+0xbb/0x190 [mlx5_core]\n[ 2453.396917] mlx5_esw_offloads_devcom_cleanup+0xb0/0xd0 [mlx5_core]\n[ 2453.397582] mlx5e_tc_esw_cleanup+0x42/0x120 [mlx5_core]\n[ 2453.398182] mlx5e_rep_tc_cleanup+0x15/0x30 [mlx5_core]\n[ 2453.398768] mlx5e_cleanup_rep_tx+0x6c/0x80 [mlx5_core]\n[ 2453.399367] mlx5e_detach_netdev+0xee/0x120 [mlx5_core]\n[ 2453.399957] mlx5e_netdev_change_profile+0x84/0x170 [mlx5_core]\n[ 2453.400598] mlx5e_vport_rep_unload+0xe0/0xf0 [mlx5_core]\n[ 2453.403781] mlx5_eswitch_unregister_vport_reps+0x15e/0x190 [mlx5_core]\n[ 2453.404479] ? mlx5_eswitch_register_vport_reps+0x200/0x200 [mlx5_core]\n[ 2453.405170] ? up_write+0x39/0x60\n[ 2453.405529] ? kernfs_remove_by_name_ns+0xb7/0xe0\n[ 2453.405985] auxiliary_bus_remove+0x2e/0x40\n[ 2453.406405] device_release_driver_internal+0x243/0x2d0\n[ 2453.406900] ? kobject_put+0x42/0x2d0\n[ 2453.407284] bus_remove_device+0x128/0x1d0\n[ 2453.407687] device_del+0x240/0x550\n[ 2453.408053] ? waiting_for_supplier_show+0xe0/0xe0\n[ 2453.408511] ? kobject_put+0xfa/0x2d0\n[ 2453.408889] ? __kmem_cache_free+0x14d/0x280\n[ 2453.409310] mlx5_rescan_drivers_locked.part.0+0xcd/0x2b0 [mlx5_core]\n[ 2453.409973] mlx5_unregister_device+0x40/0x50 [mlx5_core]\n[ 2453.410561] mlx5_uninit_one+0x3d/0x110 [mlx5_core]\n[ 2453.411111] remove_one+0x89/0x130 [mlx5_core]\n[ 24\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54148",
"url": "https://www.suse.com/security/cve/CVE-2023-54148"
},
{
"category": "external",
"summary": "SUSE Bug 1256084 for CVE-2023-54148",
"url": "https://bugzilla.suse.com/1256084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54148"
},
{
"cve": "CVE-2023-54149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54149"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses\n\nWhen using the felix driver (the only one which supports UC filtering\nand MC filtering) as a DSA master for a random other DSA switch, one can\nsee the following stack trace when the downstream switch ports join a\nVLAN-aware bridge:\n\n=============================\nWARNING: suspicious RCU usage\n-----------------------------\nnet/8021q/vlan_core.c:238 suspicious rcu_dereference_protected() usage!\n\nstack backtrace:\nWorkqueue: dsa_ordered dsa_slave_switchdev_event_work\nCall trace:\n lockdep_rcu_suspicious+0x170/0x210\n vlan_for_each+0x8c/0x188\n dsa_slave_sync_uc+0x128/0x178\n __hw_addr_sync_dev+0x138/0x158\n dsa_slave_set_rx_mode+0x58/0x70\n __dev_set_rx_mode+0x88/0xa8\n dev_uc_add+0x74/0xa0\n dsa_port_bridge_host_fdb_add+0xec/0x180\n dsa_slave_switchdev_event_work+0x7c/0x1c8\n process_one_work+0x290/0x568\n\nWhat it\u0027s saying is that vlan_for_each() expects rtnl_lock() context and\nit\u0027s not getting it, when it\u0027s called from the DSA master\u0027s ndo_set_rx_mode().\n\nThe caller of that - dsa_slave_set_rx_mode() - is the slave DSA\ninterface\u0027s dsa_port_bridge_host_fdb_add() which comes from the deferred\ndsa_slave_switchdev_event_work().\n\nWe went to great lengths to avoid the rtnl_lock() context in that call\npath in commit 0faf890fc519 (\"net: dsa: drop rtnl_lock from\ndsa_slave_switchdev_event_work\"), and calling rtnl_lock() is simply not\nan option due to the possibility of deadlocking when calling\ndsa_flush_workqueue() from the call paths that do hold rtnl_lock() -\nbasically all of them.\n\nSo, when the DSA master calls vlan_for_each() from its ndo_set_rx_mode(),\nthe state of the 8021q driver on this device is really not protected\nfrom concurrent access by anything.\n\nLooking at net/8021q/, I don\u0027t think that vlan_info-\u003evid_list was\nparticularly designed with RCU traversal in mind, so introducing an RCU\nread-side form of vlan_for_each() - vlan_for_each_rcu() - won\u0027t be so\neasy, and it also wouldn\u0027t be exactly what we need anyway.\n\nIn general I believe that the solution isn\u0027t in net/8021q/ anyway;\nvlan_for_each() is not cut out for this task. DSA doesn\u0027t need rtnl_lock()\nto be held per se - since it\u0027s not a netdev state change that we\u0027re\nblocking, but rather, just concurrent additions/removals to a VLAN list.\nWe don\u0027t even need sleepable context - the callback of vlan_for_each()\njust schedules deferred work.\n\nThe proposed escape is to remove the dependency on vlan_for_each() and\nto open-code a non-sleepable, rtnl-free alternative to that, based on\ncopies of the VLAN list modified from .ndo_vlan_rx_add_vid() and\n.ndo_vlan_rx_kill_vid().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54149",
"url": "https://www.suse.com/security/cve/CVE-2023-54149"
},
{
"category": "external",
"summary": "SUSE Bug 1256085 for CVE-2023-54149",
"url": "https://bugzilla.suse.com/1256085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54149"
},
{
"cve": "CVE-2023-54153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54153"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: turn quotas off if mount failed after enabling quotas\n\nYi found during a review of the patch \"ext4: don\u0027t BUG on inconsistent\njournal feature\" that when ext4_mark_recovery_complete() returns an error\nvalue, the error handling path does not turn off the enabled quotas,\nwhich triggers the following kmemleak:\n\n================================================================\nunreferenced object 0xffff8cf68678e7c0 (size 64):\ncomm \"mount\", pid 746, jiffies 4294871231 (age 11.540s)\nhex dump (first 32 bytes):\n00 90 ef 82 f6 8c ff ff 00 00 00 00 41 01 00 00 ............A...\nc7 00 00 00 bd 00 00 00 0a 00 00 00 48 00 00 00 ............H...\nbacktrace:\n[\u003c00000000c561ef24\u003e] __kmem_cache_alloc_node+0x4d4/0x880\n[\u003c00000000d4e621d7\u003e] kmalloc_trace+0x39/0x140\n[\u003c00000000837eee74\u003e] v2_read_file_info+0x18a/0x3a0\n[\u003c0000000088f6c877\u003e] dquot_load_quota_sb+0x2ed/0x770\n[\u003c00000000340a4782\u003e] dquot_load_quota_inode+0xc6/0x1c0\n[\u003c0000000089a18bd5\u003e] ext4_enable_quotas+0x17e/0x3a0 [ext4]\n[\u003c000000003a0268fa\u003e] __ext4_fill_super+0x3448/0x3910 [ext4]\n[\u003c00000000b0f2a8a8\u003e] ext4_fill_super+0x13d/0x340 [ext4]\n[\u003c000000004a9489c4\u003e] get_tree_bdev+0x1dc/0x370\n[\u003c000000006e723bf1\u003e] ext4_get_tree+0x1d/0x30 [ext4]\n[\u003c00000000c7cb663d\u003e] vfs_get_tree+0x31/0x160\n[\u003c00000000320e1bed\u003e] do_new_mount+0x1d5/0x480\n[\u003c00000000c074654c\u003e] path_mount+0x22e/0xbe0\n[\u003c0000000003e97a8e\u003e] do_mount+0x95/0xc0\n[\u003c000000002f3d3736\u003e] __x64_sys_mount+0xc4/0x160\n[\u003c0000000027d2140c\u003e] do_syscall_64+0x3f/0x90\n================================================================\n\nTo solve this problem, we add a \"failed_mount10\" tag, and call\next4_quota_off_umount() in this tag to release the enabled qoutas.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54153",
"url": "https://www.suse.com/security/cve/CVE-2023-54153"
},
{
"category": "external",
"summary": "SUSE Bug 1256081 for CVE-2023-54153",
"url": "https://bugzilla.suse.com/1256081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54153"
},
{
"cve": "CVE-2023-54154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54154"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Fix target_cmd_counter leak\n\nThe target_cmd_counter struct allocated via target_alloc_cmd_counter() is\nnever freed, resulting in leaks across various transport types, e.g.:\n\n unreferenced object 0xffff88801f920120 (size 96):\n comm \"sh\", pid 102, jiffies 4294892535 (age 713.412s)\n hex dump (first 32 bytes):\n 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 38 01 92 1f 80 88 ff ff ........8.......\n backtrace:\n [\u003c00000000e58a6252\u003e] kmalloc_trace+0x11/0x20\n [\u003c0000000043af4b2f\u003e] target_alloc_cmd_counter+0x17/0x90 [target_core_mod]\n [\u003c000000007da2dfa7\u003e] target_setup_session+0x2d/0x140 [target_core_mod]\n [\u003c0000000068feef86\u003e] tcm_loop_tpg_nexus_store+0x19b/0x350 [tcm_loop]\n [\u003c000000006a80e021\u003e] configfs_write_iter+0xb1/0x120\n [\u003c00000000e9f4d860\u003e] vfs_write+0x2e4/0x3c0\n [\u003c000000008143433b\u003e] ksys_write+0x80/0xb0\n [\u003c00000000a7df29b2\u003e] do_syscall_64+0x42/0x90\n [\u003c0000000053f45fb8\u003e] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nFree the structure alongside the corresponding iscsit_conn / se_sess\nparent.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54154",
"url": "https://www.suse.com/security/cve/CVE-2023-54154"
},
{
"category": "external",
"summary": "SUSE Bug 1256082 for CVE-2023-54154",
"url": "https://bugzilla.suse.com/1256082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54154"
},
{
"cve": "CVE-2023-54155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54155"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail()\n\nSyzkaller reported the following issue:\n=======================================\nToo BIG xdp-\u003eframe_sz = 131072\nWARNING: CPU: 0 PID: 5020 at net/core/filter.c:4121\n ____bpf_xdp_adjust_tail net/core/filter.c:4121 [inline]\nWARNING: CPU: 0 PID: 5020 at net/core/filter.c:4121\n bpf_xdp_adjust_tail+0x466/0xa10 net/core/filter.c:4103\n...\nCall Trace:\n \u003cTASK\u003e\n bpf_prog_4add87e5301a4105+0x1a/0x1c\n __bpf_prog_run include/linux/filter.h:600 [inline]\n bpf_prog_run_xdp include/linux/filter.h:775 [inline]\n bpf_prog_run_generic_xdp+0x57e/0x11e0 net/core/dev.c:4721\n netif_receive_generic_xdp net/core/dev.c:4807 [inline]\n do_xdp_generic+0x35c/0x770 net/core/dev.c:4866\n tun_get_user+0x2340/0x3ca0 drivers/net/tun.c:1919\n tun_chr_write_iter+0xe8/0x210 drivers/net/tun.c:2043\n call_write_iter include/linux/fs.h:1871 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x650/0xe40 fs/read_write.c:584\n ksys_write+0x12f/0x250 fs/read_write.c:637\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nxdp-\u003eframe_sz \u003e PAGE_SIZE check was introduced in commit c8741e2bfe87\n(\"xdp: Allow bpf_xdp_adjust_tail() to grow packet size\"). But Jesper\nDangaard Brouer \u003cjbrouer@redhat.com\u003e noted that after introducing the\nxdp_init_buff() which all XDP driver use - it\u0027s safe to remove this\ncheck. The original intend was to catch cases where XDP drivers have\nnot been updated to use xdp.frame_sz, but that is not longer a concern\n(since xdp_init_buff).\n\nRunning the initial syzkaller repro it was discovered that the\ncontiguous physical memory allocation is used for both xdp paths in\ntun_get_user(), e.g. tun_build_skb() and tun_alloc_skb(). It was also\nstated by Jesper Dangaard Brouer \u003cjbrouer@redhat.com\u003e that XDP can\nwork on higher order pages, as long as this is contiguous physical\nmemory (e.g. a page).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54155",
"url": "https://www.suse.com/security/cve/CVE-2023-54155"
},
{
"category": "external",
"summary": "SUSE Bug 1256083 for CVE-2023-54155",
"url": "https://bugzilla.suse.com/1256083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54155"
},
{
"cve": "CVE-2023-54156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54156"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix crash when reading stats while NIC is resetting\n\nefx_net_stats() (.ndo_get_stats64) can be called during an ethtool\n selftest, during which time nic_data-\u003emc_stats is NULL as the NIC has\n been fini\u0027d. In this case do not attempt to fetch the latest stats\n from the hardware, else we will crash on a NULL dereference:\n BUG: kernel NULL pointer dereference, address: 0000000000000038\n RIP efx_nic_update_stats\n abridged calltrace:\n efx_ef10_update_stats_pf\n efx_net_stats\n dev_get_stats\n dev_seq_printf_stats\nSkipping the read is safe, we will simply give out stale stats.\nTo ensure that the free in efx_ef10_fini_nic() does not race against\n efx_ef10_update_stats_pf(), which could cause a TOCTTOU bug, take the\n efx-\u003estats_lock in fini_nic (it is already held across update_stats).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54156",
"url": "https://www.suse.com/security/cve/CVE-2023-54156"
},
{
"category": "external",
"summary": "SUSE Bug 1255704 for CVE-2023-54156",
"url": "https://bugzilla.suse.com/1255704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54156"
},
{
"cve": "CVE-2023-54164",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54164"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: fix iso_conn related locking and validity issues\n\nsk-\u003esk_state indicates whether iso_pi(sk)-\u003econn is valid. Operations\nthat check/update sk_state and access conn should hold lock_sock,\notherwise they can race.\n\nThe order of taking locks is hci_dev_lock \u003e lock_sock \u003e iso_conn_lock,\nwhich is how it is in connect/disconnect_cfm -\u003e iso_conn_del -\u003e\niso_chan_del.\n\nFix locking in iso_connect_cis/bis and sendmsg/recvmsg to take lock_sock\naround updating sk_state and conn.\n\niso_conn_del must not occur during iso_connect_cis/bis, as it frees the\niso_conn. Hold hdev-\u003elock longer to prevent that.\n\nThis should not reintroduce the issue fixed in commit 241f51931c35\n(\"Bluetooth: ISO: Avoid circular locking dependency\"), since the we\nacquire locks in order. We retain the fix in iso_sock_connect to release\nlock_sock before iso_connect_* acquires hdev-\u003elock.\n\nSimilarly for commit 6a5ad251b7cd (\"Bluetooth: ISO: Fix possible\ncircular locking dependency\"). We retain the fix in iso_conn_ready to\nnot acquire iso_conn_lock before lock_sock.\n\niso_conn_add shall return iso_conn with valid hcon. Make it so also when\nreusing an old CIS connection waiting for disconnect timeout (see\n__iso_sock_close where conn-\u003ehcon is set to NULL).\n\nTrace with iso_conn_del after iso_chan_add in iso_connect_cis:\n===============================================================\niso_sock_create:771: sock 00000000be9b69b7\niso_sock_init:693: sk 000000004dff667e\niso_sock_bind:827: sk 000000004dff667e 70:1a:b8:98:ff:a2 type 1\niso_sock_setsockopt:1289: sk 000000004dff667e\niso_sock_setsockopt:1289: sk 000000004dff667e\niso_sock_setsockopt:1289: sk 000000004dff667e\niso_sock_connect:875: sk 000000004dff667e\niso_connect_cis:353: 70:1a:b8:98:ff:a2 -\u003e 28:3d:c2:4a:7e:da\nhci_get_route:1199: 70:1a:b8:98:ff:a2 -\u003e 28:3d:c2:4a:7e:da\nhci_conn_add:1005: hci0 dst 28:3d:c2:4a:7e:da\niso_conn_add:140: hcon 000000007b65d182 conn 00000000daf8625e\n__iso_chan_add:214: conn 00000000daf8625e\niso_connect_cfm:1700: hcon 000000007b65d182 bdaddr 28:3d:c2:4a:7e:da status 12\niso_conn_del:187: hcon 000000007b65d182 conn 00000000daf8625e, err 16\niso_sock_clear_timer:117: sock 000000004dff667e state 3\n \u003cNote: sk_state is BT_BOUND (3), so iso_connect_cis is still\n running at this point\u003e\niso_chan_del:153: sk 000000004dff667e, conn 00000000daf8625e, err 16\nhci_conn_del:1151: hci0 hcon 000000007b65d182 handle 65535\nhci_conn_unlink:1102: hci0: hcon 000000007b65d182\nhci_chan_list_flush:2780: hcon 000000007b65d182\niso_sock_getsockopt:1376: sk 000000004dff667e\niso_sock_getname:1070: sock 00000000be9b69b7, sk 000000004dff667e\niso_sock_getname:1070: sock 00000000be9b69b7, sk 000000004dff667e\niso_sock_getsockopt:1376: sk 000000004dff667e\niso_sock_getname:1070: sock 00000000be9b69b7, sk 000000004dff667e\niso_sock_getname:1070: sock 00000000be9b69b7, sk 000000004dff667e\niso_sock_shutdown:1434: sock 00000000be9b69b7, sk 000000004dff667e, how 1\n__iso_sock_close:632: sk 000000004dff667e state 5 socket 00000000be9b69b7\n \u003cNote: sk_state is BT_CONNECT (5), even though iso_chan_del sets\n BT_CLOSED (6). Only iso_connect_cis sets it to BT_CONNECT, so it\n must be that iso_chan_del occurred between iso_chan_add and end of\n iso_connect_cis.\u003e\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 8000000006467067 P4D 8000000006467067 PUD 3f5f067 PMD 0\nOops: 0000 [#1] PREEMPT SMP PTI\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nRIP: 0010:__iso_sock_close (net/bluetooth/iso.c:664) bluetooth\n===============================================================\n\nTrace with iso_conn_del before iso_chan_add in iso_connect_cis:\n===============================================================\niso_connect_cis:356: 70:1a:b8:98:ff:a2 -\u003e 28:3d:c2:4a:7e:da\n...\niso_conn_add:140: hcon 0000000093bc551f conn 00000000768ae504\nhci_dev_put:1487: hci0 orig refcnt 21\nhci_event_packet:7607: hci0: e\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54164",
"url": "https://www.suse.com/security/cve/CVE-2023-54164"
},
{
"category": "external",
"summary": "SUSE Bug 1256071 for CVE-2023-54164",
"url": "https://bugzilla.suse.com/1256071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54164"
},
{
"cve": "CVE-2023-54166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54166"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nigc: Fix Kernel Panic during ndo_tx_timeout callback\n\nThe Xeon validation group has been carrying out some loaded tests\nwith various HW configurations, and they have seen some transmit\nqueue time out happening during the test. This will cause the\nreset adapter function to be called by igc_tx_timeout().\nSimilar race conditions may arise when the interface is being brought\ndown and up in igc_reinit_locked(), an interrupt being generated, and\nigc_clean_tx_irq() being called to complete the TX.\n\nWhen the igc_tx_timeout() function is invoked, this patch will turn\noff all TX ring HW queues during igc_down() process. TX ring HW queues\nwill be activated again during the igc_configure_tx_ring() process\nwhen performing the igc_up() procedure later.\n\nThis patch also moved existing igc_disable_tx_ring_hw() to avoid using\nforward declaration.\n\nKernel trace:\n[ 7678.747813] ------------[ cut here ]------------\n[ 7678.757914] NETDEV WATCHDOG: enp1s0 (igc): transmit queue 2 timed out\n[ 7678.770117] WARNING: CPU: 0 PID: 13 at net/sched/sch_generic.c:525 dev_watchdog+0x1ae/0x1f0\n[ 7678.784459] Modules linked in: xt_conntrack nft_chain_nat xt_MASQUERADE xt_addrtype nft_compat\nnf_tables nfnetlink br_netfilter bridge stp llc overlay dm_mod emrcha(PO) emriio(PO) rktpm(PO)\ncegbuf_mod(PO) patch_update(PO) se(PO) sgx_tgts(PO) mktme(PO) keylocker(PO) svtdx(PO) svfs_pci_hotplug(PO)\nvtd_mod(PO) davemem(PO) svmabort(PO) svindexio(PO) usbx2(PO) ehci_sched(PO) svheartbeat(PO) ioapic(PO)\nsv8259(PO) svintr(PO) lt(PO) pcierootport(PO) enginefw_mod(PO) ata(PO) smbus(PO) spiflash_cdf(PO) arden(PO)\ndsa_iax(PO) oobmsm_punit(PO) cpm(PO) svkdb(PO) ebg_pch(PO) pch(PO) sviotargets(PO) svbdf(PO) svmem(PO)\nsvbios(PO) dram(PO) svtsc(PO) targets(PO) superio(PO) svkernel(PO) cswitch(PO) mcf(PO) pentiumIII_mod(PO)\nfs_svfs(PO) mdevdefdb(PO) svfs_os_services(O) ixgbe mdio mdio_devres libphy emeraldrapids_svdefs(PO)\nregsupport(O) libnvdimm nls_cp437 snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_intel\nsnd_intel_dspcfg snd_hda_codec snd_hwdep x86_pkg_temp_thermal snd_hda_core snd_pcm snd_timer isst_if_mbox_pci\n[ 7678.784496] input_leds isst_if_mmio sg snd isst_if_common soundcore wmi button sad9(O) drm fuse backlight\nconfigfs efivarfs ip_tables x_tables vmd sdhci led_class rtl8150 r8152 hid_generic pegasus mmc_block usbhid\nmmc_core hid megaraid_sas ixgb igb i2c_algo_bit ice i40e hpsa scsi_transport_sas e1000e e1000 e100 ax88179_178a\nusbnet xhci_pci sd_mod xhci_hcd t10_pi crc32c_intel crc64_rocksoft igc crc64 crc_t10dif usbcore\ncrct10dif_generic ptp crct10dif_common usb_common pps_core\n[ 7679.200403] RIP: 0010:dev_watchdog+0x1ae/0x1f0\n[ 7679.210201] Code: 28 e9 53 ff ff ff 4c 89 e7 c6 05 06 42 b9 00 01 e8 17 d1 fb ff 44 89 e9 4c\n89 e6 48 c7 c7 40 ad fb 81 48 89 c2 e8 52 62 82 ff \u003c0f\u003e 0b e9 72 ff ff ff 65 8b 05 80 7d 7c 7e\n89 c0 48 0f a3 05 0a c1\n[ 7679.245438] RSP: 0018:ffa00000001f7d90 EFLAGS: 00010282\n[ 7679.256021] RAX: 0000000000000000 RBX: ff11000109938440 RCX: 0000000000000000\n[ 7679.268710] RDX: ff11000361e26cd8 RSI: ff11000361e1b880 RDI: ff11000361e1b880\n[ 7679.281314] RBP: ffa00000001f7da8 R08: ff1100035f8fffe8 R09: 0000000000027ffb\n[ 7679.293840] R10: 0000000000001f0a R11: ff1100035f840000 R12: ff11000109938000\n[ 7679.306276] R13: 0000000000000002 R14: dead000000000122 R15: ffa00000001f7e18\n[ 7679.318648] FS: 0000000000000000(0000) GS:ff11000361e00000(0000) knlGS:0000000000000000\n[ 7679.332064] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 7679.342757] CR2: 00007ffff7fca168 CR3: 000000013b08a006 CR4: 0000000000471ef8\n[ 7679.354984] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 7679.367207] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[ 7679.379370] PKRU: 55555554\n[ 7679.386446] Call Trace:\n[ 7679.393152] \u003cTASK\u003e\n[ 7679.399363] ? __pfx_dev_watchdog+0x10/0x10\n[ 7679.407870] call_timer_fn+0x31/0x110\n[ 7679.415698] e\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54166",
"url": "https://www.suse.com/security/cve/CVE-2023-54166"
},
{
"category": "external",
"summary": "SUSE Bug 1256074 for CVE-2023-54166",
"url": "https://bugzilla.suse.com/1256074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54166"
},
{
"cve": "CVE-2023-54169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54169"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: fix memory leak in mlx5e_ptp_open\n\nWhen kvzalloc_node or kvzalloc failed in mlx5e_ptp_open, the memory\npointed by \"c\" or \"cparams\" is not freed, which can lead to a memory\nleak. Fix by freeing the array in the error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54169",
"url": "https://www.suse.com/security/cve/CVE-2023-54169"
},
{
"category": "external",
"summary": "SUSE Bug 1256050 for CVE-2023-54169",
"url": "https://bugzilla.suse.com/1256050"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54169"
},
{
"cve": "CVE-2023-54170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54170"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkeys: Fix linking a duplicate key to a keyring\u0027s assoc_array\n\nWhen making a DNS query inside the kernel using dns_query(), the request\ncode can in rare cases end up creating a duplicate index key in the\nassoc_array of the destination keyring. It is eventually found by\na BUG_ON() check in the assoc_array implementation and results in\na crash.\n\nExample report:\n[2158499.700025] kernel BUG at ../lib/assoc_array.c:652!\n[2158499.700039] invalid opcode: 0000 [#1] SMP PTI\n[2158499.700065] CPU: 3 PID: 31985 Comm: kworker/3:1 Kdump: loaded Not tainted 5.3.18-150300.59.90-default #1 SLE15-SP3\n[2158499.700096] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\n[2158499.700351] Workqueue: cifsiod cifs_resolve_server [cifs]\n[2158499.700380] RIP: 0010:assoc_array_insert+0x85f/0xa40\n[2158499.700401] Code: ff 74 2b 48 8b 3b 49 8b 45 18 4c 89 e6 48 83 e7 fe e8 95 ec 74 00 3b 45 88 7d db 85 c0 79 d4 0f 0b 0f 0b 0f 0b e8 41 f2 be ff \u003c0f\u003e 0b 0f 0b 81 7d 88 ff ff ff 7f 4c 89 eb 4c 8b ad 58 ff ff ff 0f\n[2158499.700448] RSP: 0018:ffffc0bd6187faf0 EFLAGS: 00010282\n[2158499.700470] RAX: ffff9f1ea7da2fe8 RBX: ffff9f1ea7da2fc1 RCX: 0000000000000005\n[2158499.700492] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000\n[2158499.700515] RBP: ffffc0bd6187fbb0 R08: ffff9f185faf1100 R09: 0000000000000000\n[2158499.700538] R10: ffff9f1ea7da2cc0 R11: 000000005ed8cec8 R12: ffffc0bd6187fc28\n[2158499.700561] R13: ffff9f15feb8d000 R14: ffff9f1ea7da2fc0 R15: ffff9f168dc0d740\n[2158499.700585] FS: 0000000000000000(0000) GS:ffff9f185fac0000(0000) knlGS:0000000000000000\n[2158499.700610] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[2158499.700630] CR2: 00007fdd94fca238 CR3: 0000000809d8c006 CR4: 00000000003706e0\n[2158499.700702] Call Trace:\n[2158499.700741] ? key_alloc+0x447/0x4b0\n[2158499.700768] ? __key_link_begin+0x43/0xa0\n[2158499.700790] __key_link_begin+0x43/0xa0\n[2158499.700814] request_key_and_link+0x2c7/0x730\n[2158499.700847] ? dns_resolver_read+0x20/0x20 [dns_resolver]\n[2158499.700873] ? key_default_cmp+0x20/0x20\n[2158499.700898] request_key_tag+0x43/0xa0\n[2158499.700926] dns_query+0x114/0x2ca [dns_resolver]\n[2158499.701127] dns_resolve_server_name_to_ip+0x194/0x310 [cifs]\n[2158499.701164] ? scnprintf+0x49/0x90\n[2158499.701190] ? __switch_to_asm+0x40/0x70\n[2158499.701211] ? __switch_to_asm+0x34/0x70\n[2158499.701405] reconn_set_ipaddr_from_hostname+0x81/0x2a0 [cifs]\n[2158499.701603] cifs_resolve_server+0x4b/0xd0 [cifs]\n[2158499.701632] process_one_work+0x1f8/0x3e0\n[2158499.701658] worker_thread+0x2d/0x3f0\n[2158499.701682] ? process_one_work+0x3e0/0x3e0\n[2158499.701703] kthread+0x10d/0x130\n[2158499.701723] ? kthread_park+0xb0/0xb0\n[2158499.701746] ret_from_fork+0x1f/0x40\n\nThe situation occurs as follows:\n* Some kernel facility invokes dns_query() to resolve a hostname, for\n example, \"abcdef\". The function registers its global DNS resolver\n cache as current-\u003ecred.thread_keyring and passes the query to\n request_key_net() -\u003e request_key_tag() -\u003e request_key_and_link().\n* Function request_key_and_link() creates a keyring_search_context\n object. Its match_data.cmp method gets set via a call to\n type-\u003ematch_preparse() (resolves to dns_resolver_match_preparse()) to\n dns_resolver_cmp().\n* Function request_key_and_link() continues and invokes\n search_process_keyrings_rcu() which returns that a given key was not\n found. The control is then passed to request_key_and_link() -\u003e\n construct_alloc_key().\n* Concurrently to that, a second task similarly makes a DNS query for\n \"abcdef.\" and its result gets inserted into the DNS resolver cache.\n* Back on the first task, function construct_alloc_key() first runs\n __key_link_begin() to determine an assoc_array_edit operation to\n insert a new key. Index keys in the array are compared exactly as-is,\n using keyring_compare_object(). The operation \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54170",
"url": "https://www.suse.com/security/cve/CVE-2023-54170"
},
{
"category": "external",
"summary": "SUSE Bug 1256045 for CVE-2023-54170",
"url": "https://bugzilla.suse.com/1256045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54170"
},
{
"cve": "CVE-2023-54171",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54171"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix memory leak of iter-\u003etemp when reading trace_pipe\n\nkmemleak reports:\n unreferenced object 0xffff88814d14e200 (size 256):\n comm \"cat\", pid 336, jiffies 4294871818 (age 779.490s)\n hex dump (first 32 bytes):\n 04 00 01 03 00 00 00 00 08 00 00 00 00 00 00 00 ................\n 0c d8 c8 9b ff ff ff ff 04 5a ca 9b ff ff ff ff .........Z......\n backtrace:\n [\u003cffffffff9bdff18f\u003e] __kmalloc+0x4f/0x140\n [\u003cffffffff9bc9238b\u003e] trace_find_next_entry+0xbb/0x1d0\n [\u003cffffffff9bc9caef\u003e] trace_print_lat_context+0xaf/0x4e0\n [\u003cffffffff9bc94490\u003e] print_trace_line+0x3e0/0x950\n [\u003cffffffff9bc95499\u003e] tracing_read_pipe+0x2d9/0x5a0\n [\u003cffffffff9bf03a43\u003e] vfs_read+0x143/0x520\n [\u003cffffffff9bf04c2d\u003e] ksys_read+0xbd/0x160\n [\u003cffffffff9d0f0edf\u003e] do_syscall_64+0x3f/0x90\n [\u003cffffffff9d2000aa\u003e] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nwhen reading file \u0027trace_pipe\u0027, \u0027iter-\u003etemp\u0027 is allocated or relocated\nin trace_find_next_entry() but not freed before \u0027trace_pipe\u0027 is closed.\n\nTo fix it, free \u0027iter-\u003etemp\u0027 in tracing_release_pipe().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54171",
"url": "https://www.suse.com/security/cve/CVE-2023-54171"
},
{
"category": "external",
"summary": "SUSE Bug 1256034 for CVE-2023-54171",
"url": "https://bugzilla.suse.com/1256034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54171"
},
{
"cve": "CVE-2023-54172",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54172"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction\n\nOn hardware that supports Indirect Branch Tracking (IBT), Hyper-V VMs\nwith ConfigVersion 9.3 or later support IBT in the guest. However,\ncurrent versions of Hyper-V have a bug in that there\u0027s not an ENDBR64\ninstruction at the beginning of the hypercall page. Since hypercalls are\nmade with an indirect call to the hypercall page, all hypercall attempts\nfail with an exception and Linux panics.\n\nA Hyper-V fix is in progress to add ENDBR64. But guard against the Linux\npanic by clearing X86_FEATURE_IBT if the hypercall page doesn\u0027t start\nwith ENDBR. The VM will boot and run without IBT.\n\nIf future Linux 32-bit kernels were to support IBT, additional hypercall\npage hackery would be needed to make IBT work for such kernels in a\nHyper-V VM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54172",
"url": "https://www.suse.com/security/cve/CVE-2023-54172"
},
{
"category": "external",
"summary": "SUSE Bug 1256033 for CVE-2023-54172",
"url": "https://bugzilla.suse.com/1256033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54172"
},
{
"cve": "CVE-2023-54173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Disable preemption in bpf_event_output\n\nWe received report [1] of kernel crash, which is caused by\nusing nesting protection without disabled preemption.\n\nThe bpf_event_output can be called by programs executed by\nbpf_prog_run_array_cg function that disabled migration but\nkeeps preemption enabled.\n\nThis can cause task to be preempted by another one inside the\nnesting protection and lead eventually to two tasks using same\nperf_sample_data buffer and cause crashes like:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000001\n #PF: supervisor instruction fetch in kernel mode\n #PF: error_code(0x0010) - not-present page\n ...\n ? perf_output_sample+0x12a/0x9a0\n ? finish_task_switch.isra.0+0x81/0x280\n ? perf_event_output+0x66/0xa0\n ? bpf_event_output+0x13a/0x190\n ? bpf_event_output_data+0x22/0x40\n ? bpf_prog_dfc84bbde731b257_cil_sock4_connect+0x40a/0xacb\n ? xa_load+0x87/0xe0\n ? __cgroup_bpf_run_filter_sock_addr+0xc1/0x1a0\n ? release_sock+0x3e/0x90\n ? sk_setsockopt+0x1a1/0x12f0\n ? udp_pre_connect+0x36/0x50\n ? inet_dgram_connect+0x93/0xa0\n ? __sys_connect+0xb4/0xe0\n ? udp_setsockopt+0x27/0x40\n ? __pfx_udp_push_pending_frames+0x10/0x10\n ? __sys_setsockopt+0xdf/0x1a0\n ? __x64_sys_connect+0xf/0x20\n ? do_syscall_64+0x3a/0x90\n ? entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nFixing this by disabling preemption in bpf_event_output.\n\n[1] https://github.com/cilium/cilium/issues/26756",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54173",
"url": "https://www.suse.com/security/cve/CVE-2023-54173"
},
{
"category": "external",
"summary": "SUSE Bug 1255996 for CVE-2023-54173",
"url": "https://bugzilla.suse.com/1255996"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54173"
},
{
"cve": "CVE-2023-54177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nquota: fix warning in dqgrab()\n\nThere\u0027s issue as follows when do fault injection:\nWARNING: CPU: 1 PID: 14870 at include/linux/quotaops.h:51 dquot_disable+0x13b7/0x18c0\nModules linked in:\nCPU: 1 PID: 14870 Comm: fsconfig Not tainted 6.3.0-next-20230505-00006-g5107a9c821af-dirty #541\nRIP: 0010:dquot_disable+0x13b7/0x18c0\nRSP: 0018:ffffc9000acc79e0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88825e41b980\nRDX: 0000000000000000 RSI: ffff88825e41b980 RDI: 0000000000000002\nRBP: ffff888179f68000 R08: ffffffff82087ca7 R09: 0000000000000000\nR10: 0000000000000001 R11: ffffed102f3ed026 R12: ffff888179f68130\nR13: ffff888179f68110 R14: dffffc0000000000 R15: ffff888179f68118\nFS: 00007f450a073740(0000) GS:ffff88882fc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffe96f2efd8 CR3: 000000025c8ad000 CR4: 00000000000006e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n dquot_load_quota_sb+0xd53/0x1060\n dquot_resume+0x172/0x230\n ext4_reconfigure+0x1dc6/0x27b0\n reconfigure_super+0x515/0xa90\n __x64_sys_fsconfig+0xb19/0xd20\n do_syscall_64+0x39/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAbove issue may happens as follows:\nProcessA ProcessB ProcessC\nsys_fsconfig\n vfs_fsconfig_locked\n reconfigure_super\n ext4_remount\n dquot_suspend -\u003e suspend all type quota\n\n sys_fsconfig\n vfs_fsconfig_locked\n reconfigure_super\n ext4_remount\n dquot_resume\n ret = dquot_load_quota_sb\n add_dquot_ref\n do_open -\u003e open file O_RDWR\n vfs_open\n do_dentry_open\n get_write_access\n atomic_inc_unless_negative(\u0026inode-\u003ei_writecount)\n ext4_file_open\n dquot_file_open\n dquot_initialize\n __dquot_initialize\n dqget\n\t\t\t\t\t\t atomic_inc(\u0026dquot-\u003edq_count);\n\n __dquot_initialize\n __dquot_initialize\n dqget\n if (!test_bit(DQ_ACTIVE_B, \u0026dquot-\u003edq_flags))\n ext4_acquire_dquot\n\t\t\t -\u003e Return error DQ_ACTIVE_B flag isn\u0027t set\n dquot_disable\n\t\t\t invalidate_dquots\n\t\t\t if (atomic_read(\u0026dquot-\u003edq_count))\n\t dqgrab\n\t\t\t WARN_ON_ONCE(!test_bit(DQ_ACTIVE_B, \u0026dquot-\u003edq_flags))\n\t -\u003e Trigger warning\n\nIn the above scenario, \u0027dquot-\u003edq_flags\u0027 has no DQ_ACTIVE_B is normal when\ndqgrab().\nTo solve above issue just replace the dqgrab() use in invalidate_dquots() with\natomic_inc(\u0026dquot-\u003edq_count).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54177",
"url": "https://www.suse.com/security/cve/CVE-2023-54177"
},
{
"category": "external",
"summary": "SUSE Bug 1255993 for CVE-2023-54177",
"url": "https://bugzilla.suse.com/1255993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "low"
}
],
"title": "CVE-2023-54177"
},
{
"cve": "CVE-2023-54178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name()\n\nwhen kmalloc() fail to allocate memory in kasprintf(), name\nor full_name will be NULL, strcmp() will cause\nnull pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54178",
"url": "https://www.suse.com/security/cve/CVE-2023-54178"
},
{
"category": "external",
"summary": "SUSE Bug 1255992 for CVE-2023-54178",
"url": "https://bugzilla.suse.com/1255992"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54178"
},
{
"cve": "CVE-2023-54179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54179"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Array index may go out of bound\n\nKlocwork reports array \u0027vha-\u003ehost_str\u0027 of size 16 may use index value(s)\n16..19. Use snprintf() instead of sprintf().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54179",
"url": "https://www.suse.com/security/cve/CVE-2023-54179"
},
{
"category": "external",
"summary": "SUSE Bug 1255994 for CVE-2023-54179",
"url": "https://bugzilla.suse.com/1255994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54179"
},
{
"cve": "CVE-2023-54181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54181"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix issue in verifying allow_ptr_leaks\n\nAfter we converted the capabilities of our networking-bpf program from\ncap_sys_admin to cap_net_admin+cap_bpf, our networking-bpf program\nfailed to start. Because it failed the bpf verifier, and the error log\nis \"R3 pointer comparison prohibited\".\n\nA simple reproducer as follows,\n\nSEC(\"cls-ingress\")\nint ingress(struct __sk_buff *skb)\n{\n\tstruct iphdr *iph = (void *)(long)skb-\u003edata + sizeof(struct ethhdr);\n\n\tif ((long)(iph + 1) \u003e (long)skb-\u003edata_end)\n\t\treturn TC_ACT_STOLEN;\n\treturn TC_ACT_OK;\n}\n\nPer discussion with Yonghong and Alexei [1], comparison of two packet\npointers is not a pointer leak. This patch fixes it.\n\nOur local kernel is 6.1.y and we expect this fix to be backported to\n6.1.y, so stable is CCed.\n\n[1]. https://lore.kernel.org/bpf/CAADnVQ+Nmspr7Si+pxWn8zkE7hX-7s93ugwC+94aXSy4uQ9vBg@mail.gmail.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54181",
"url": "https://www.suse.com/security/cve/CVE-2023-54181"
},
{
"category": "external",
"summary": "SUSE Bug 1255988 for CVE-2023-54181",
"url": "https://bugzilla.suse.com/1255988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54181"
},
{
"cve": "CVE-2023-54183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54183"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link()\n\nIf fwnode_graph_get_remote_endpoint() fails, \u0027fwnode\u0027 is known to be NULL,\nso fwnode_handle_put() is a no-op.\n\nRelease the reference taken from a previous fwnode_graph_get_port_parent()\ncall instead.\n\nAlso handle fwnode_graph_get_port_parent() failures.\n\nIn order to fix these issues, add an error handling path to the function\nand the needed gotos.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54183",
"url": "https://www.suse.com/security/cve/CVE-2023-54183"
},
{
"category": "external",
"summary": "SUSE Bug 1255990 for CVE-2023-54183",
"url": "https://bugzilla.suse.com/1255990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54183"
},
{
"cve": "CVE-2023-54185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: remove BUG_ON()\u0027s in add_new_free_space()\n\nAt add_new_free_space() we have these BUG_ON()\u0027s that are there to deal\nwith any failure to add free space to the in memory free space cache.\nSuch failures are mostly -ENOMEM that should be very rare. However there\u0027s\nno need to have these BUG_ON()\u0027s, we can just return any error to the\ncaller and all callers and their upper call chain are already dealing with\nerrors.\n\nSo just make add_new_free_space() return any errors, while removing the\nBUG_ON()\u0027s, and returning the total amount of added free space to an\noptional u64 pointer argument.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54185",
"url": "https://www.suse.com/security/cve/CVE-2023-54185"
},
{
"category": "external",
"summary": "SUSE Bug 1255984 for CVE-2023-54185",
"url": "https://bugzilla.suse.com/1255984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54185"
},
{
"cve": "CVE-2023-54189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54189"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npstore/ram: Add check for kstrdup\n\nAdd check for the return value of kstrdup() and return the error\nif it fails in order to avoid NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54189",
"url": "https://www.suse.com/security/cve/CVE-2023-54189"
},
{
"category": "external",
"summary": "SUSE Bug 1255978 for CVE-2023-54189",
"url": "https://bugzilla.suse.com/1255978"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54189"
},
{
"cve": "CVE-2023-54194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54194"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree\n\nThe call stack shown below is a scenario in the Linux 4.19 kernel.\nAllocating memory failed where exfat fs use kmalloc_array due to\nsystem memory fragmentation, while the u-disk was inserted without\nrecognition.\nDevices such as u-disk using the exfat file system are pluggable and\nmay be insert into the system at any time.\nHowever, long-term running systems cannot guarantee the continuity of\nphysical memory. Therefore, it\u0027s necessary to address this issue.\n\nBinder:2632_6: page allocation failure: order:4,\n mode:0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null)\nCall trace:\n[242178.097582] dump_backtrace+0x0/0x4\n[242178.097589] dump_stack+0xf4/0x134\n[242178.097598] warn_alloc+0xd8/0x144\n[242178.097603] __alloc_pages_nodemask+0x1364/0x1384\n[242178.097608] kmalloc_order+0x2c/0x510\n[242178.097612] kmalloc_order_trace+0x40/0x16c\n[242178.097618] __kmalloc+0x360/0x408\n[242178.097624] load_alloc_bitmap+0x160/0x284\n[242178.097628] exfat_fill_super+0xa3c/0xe7c\n[242178.097635] mount_bdev+0x2e8/0x3a0\n[242178.097638] exfat_fs_mount+0x40/0x50\n[242178.097643] mount_fs+0x138/0x2e8\n[242178.097649] vfs_kern_mount+0x90/0x270\n[242178.097655] do_mount+0x798/0x173c\n[242178.097659] ksys_mount+0x114/0x1ac\n[242178.097665] __arm64_sys_mount+0x24/0x34\n[242178.097671] el0_svc_common+0xb8/0x1b8\n[242178.097676] el0_svc_handler+0x74/0x90\n[242178.097681] el0_svc+0x8/0x340\n\nBy analyzing the exfat code,we found that continuous physical memory\nis not required here,so kvmalloc_array is used can solve this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54194",
"url": "https://www.suse.com/security/cve/CVE-2023-54194"
},
{
"category": "external",
"summary": "SUSE Bug 1255974 for CVE-2023-54194",
"url": "https://bugzilla.suse.com/1255974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "low"
}
],
"title": "CVE-2023-54194"
},
{
"cve": "CVE-2023-54201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54201"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/efa: Fix wrong resources deallocation order\n\nWhen trying to destroy QP or CQ, we first decrease the refcount and\npotentially free memory regions allocated for the object and then\nrequest the device to destroy the object. If the device fails, the\nobject isn\u0027t fully destroyed so the user/IB core can try to destroy the\nobject again which will lead to underflow when trying to decrease an\nalready zeroed refcount.\n\nDeallocate resources in reverse order of allocating them to safely free\nthem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54201",
"url": "https://www.suse.com/security/cve/CVE-2023-54201"
},
{
"category": "external",
"summary": "SUSE Bug 1255964 for CVE-2023-54201",
"url": "https://bugzilla.suse.com/1255964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54201"
},
{
"cve": "CVE-2023-54204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54204"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: sunplus: fix return value check of mmc_add_host()\n\nmmc_add_host() may return error, if we ignore its return value,\n1. the memory allocated in mmc_alloc_host() will be leaked\n2. null-ptr-deref will happen when calling mmc_remove_host()\nin remove function spmmc_drv_remove() because deleting not\nadded device.\n\nFix this by checking the return value of mmc_add_host(). Moreover,\nI fixed the error handling path of spmmc_drv_probe() to clean up.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54204",
"url": "https://www.suse.com/security/cve/CVE-2023-54204"
},
{
"category": "external",
"summary": "SUSE Bug 1255967 for CVE-2023-54204",
"url": "https://bugzilla.suse.com/1255967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54204"
},
{
"cve": "CVE-2023-54207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54207"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: uclogic: Correct devm device reference for hidinput input_dev name\n\nReference the HID device rather than the input device for the devm\nallocation of the input_dev name. Referencing the input_dev would lead to a\nuse-after-free when the input_dev was unregistered and subsequently fires a\nuevent that depends on the name. At the point of firing the uevent, the\nname would be freed by devres management.\n\nUse devm_kasprintf to simplify the logic for allocating memory and\nformatting the input_dev name string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54207",
"url": "https://www.suse.com/security/cve/CVE-2023-54207"
},
{
"category": "external",
"summary": "SUSE Bug 1255961 for CVE-2023-54207",
"url": "https://bugzilla.suse.com/1255961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54207"
},
{
"cve": "CVE-2023-54209",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54209"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix blktrace debugfs entries leakage\n\nCommit 99d055b4fd4b (\"block: remove per-disk debugfs files in\nblk_unregister_queue\") moves blk_trace_shutdown() from\nblk_release_queue() to blk_unregister_queue(), this is safe if blktrace\nis created through sysfs, however, there is a regression in corner\ncase.\n\nblktrace can still be enabled after del_gendisk() through ioctl if\nthe disk is opened before del_gendisk(), and if blktrace is not shutdown\nthrough ioctl before closing the disk, debugfs entries will be leaked.\n\nFix this problem by shutdown blktrace in disk_release(), this is safe\nbecause blk_trace_remove() is reentrant.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54209",
"url": "https://www.suse.com/security/cve/CVE-2023-54209"
},
{
"category": "external",
"summary": "SUSE Bug 1255963 for CVE-2023-54209",
"url": "https://bugzilla.suse.com/1255963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54209"
},
{
"cve": "CVE-2023-54210",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54210"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor()\n\nKASAN reports that there\u0027s a use-after-free in\nhci_remove_adv_monitor(). Trawling through the disassembly, you can\nsee that the complaint is from the access in bt_dev_dbg() under the\nHCI_ADV_MONITOR_EXT_MSFT case. The problem case happens because\nmsft_remove_monitor() can end up freeing the monitor\nstructure. Specifically:\n hci_remove_adv_monitor() -\u003e\n msft_remove_monitor() -\u003e\n msft_remove_monitor_sync() -\u003e\n msft_le_cancel_monitor_advertisement_cb() -\u003e\n hci_free_adv_monitor()\n\nLet\u0027s fix the problem by just stashing the relevant data when it\u0027s\nstill valid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54210",
"url": "https://www.suse.com/security/cve/CVE-2023-54210"
},
{
"category": "external",
"summary": "SUSE Bug 1255955 for CVE-2023-54210",
"url": "https://bugzilla.suse.com/1255955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "important"
}
],
"title": "CVE-2023-54210"
},
{
"cve": "CVE-2023-54211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54211"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix warning in trace_buffered_event_disable()\n\nWarning happened in trace_buffered_event_disable() at\n WARN_ON_ONCE(!trace_buffered_event_ref)\n\n Call Trace:\n ? __warn+0xa5/0x1b0\n ? trace_buffered_event_disable+0x189/0x1b0\n __ftrace_event_enable_disable+0x19e/0x3e0\n free_probe_data+0x3b/0xa0\n unregister_ftrace_function_probe_func+0x6b8/0x800\n event_enable_func+0x2f0/0x3d0\n ftrace_process_regex.isra.0+0x12d/0x1b0\n ftrace_filter_write+0xe6/0x140\n vfs_write+0x1c9/0x6f0\n [...]\n\nThe cause of the warning is in __ftrace_event_enable_disable(),\ntrace_buffered_event_enable() was called once while\ntrace_buffered_event_disable() was called twice.\nReproduction script show as below, for analysis, see the comments:\n ```\n #!/bin/bash\n\n cd /sys/kernel/tracing/\n\n # 1. Register a \u0027disable_event\u0027 command, then:\n # 1) SOFT_DISABLED_BIT was set;\n # 2) trace_buffered_event_enable() was called first time;\n echo \u0027cmdline_proc_show:disable_event:initcall:initcall_finish\u0027 \u003e \\\n set_ftrace_filter\n\n # 2. Enable the event registered, then:\n # 1) SOFT_DISABLED_BIT was cleared;\n # 2) trace_buffered_event_disable() was called first time;\n echo 1 \u003e events/initcall/initcall_finish/enable\n\n # 3. Try to call into cmdline_proc_show(), then SOFT_DISABLED_BIT was\n # set again!!!\n cat /proc/cmdline\n\n # 4. Unregister the \u0027disable_event\u0027 command, then:\n # 1) SOFT_DISABLED_BIT was cleared again;\n # 2) trace_buffered_event_disable() was called second time!!!\n echo \u0027!cmdline_proc_show:disable_event:initcall:initcall_finish\u0027 \u003e \\\n set_ftrace_filter\n ```\n\nTo fix it, IIUC, we can change to call trace_buffered_event_enable() at\nfist time soft-mode enabled, and call trace_buffered_event_disable() at\nlast time soft-mode disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54211",
"url": "https://www.suse.com/security/cve/CVE-2023-54211"
},
{
"category": "external",
"summary": "SUSE Bug 1255843 for CVE-2023-54211",
"url": "https://bugzilla.suse.com/1255843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54211"
},
{
"cve": "CVE-2023-54215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54215"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-vdpa: Fix cpumask memory leak in virtio_vdpa_find_vqs()\n\nFree the cpumask allocated by create_affinity_masks() before returning\nfrom the function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54215",
"url": "https://www.suse.com/security/cve/CVE-2023-54215"
},
{
"category": "external",
"summary": "SUSE Bug 1255957 for CVE-2023-54215",
"url": "https://bugzilla.suse.com/1255957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54215"
},
{
"cve": "CVE-2023-54219",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54219"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"IB/isert: Fix incorrect release of isert connection\"\n\nCommit: 699826f4e30a (\"IB/isert: Fix incorrect release of isert connection\") is\ncausing problems on OPA when DEVICE_REMOVAL is happening.\n\n ------------[ cut here ]------------\n WARNING: CPU: 52 PID: 2117247 at drivers/infiniband/core/cq.c:359\nib_cq_pool_cleanup+0xac/0xb0 [ib_core]\n Modules linked in: nfsd nfs_acl target_core_user uio tcm_fc libfc\nscsi_transport_fc tcm_loop target_core_pscsi target_core_iblock target_core_file\nrpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs\nrfkill rpcrdma rdma_ucm ib_srpt sunrpc ib_isert iscsi_target_mod target_core_mod\nopa_vnic ib_iser libiscsi ib_umad scsi_transport_iscsi rdma_cm ib_ipoib iw_cm\nib_cm hfi1(-) rdmavt ib_uverbs intel_rapl_msr intel_rapl_common sb_edac ib_core\nx86_pkg_temp_thermal intel_powerclamp coretemp i2c_i801 mxm_wmi rapl iTCO_wdt\nipmi_si iTCO_vendor_support mei_me ipmi_devintf mei intel_cstate ioatdma\nintel_uncore i2c_smbus joydev pcspkr lpc_ich ipmi_msghandler acpi_power_meter\nacpi_pad xfs libcrc32c sr_mod sd_mod cdrom t10_pi sg crct10dif_pclmul\ncrc32_pclmul crc32c_intel drm_kms_helper drm_shmem_helper ahci libahci\nghash_clmulni_intel igb drm libata dca i2c_algo_bit wmi fuse\n CPU: 52 PID: 2117247 Comm: modprobe Not tainted 6.5.0-rc1+ #1\n Hardware name: Intel Corporation S2600CWR/S2600CW, BIOS\nSE5C610.86B.01.01.0014.121820151719 12/18/2015\n RIP: 0010:ib_cq_pool_cleanup+0xac/0xb0 [ib_core]\n Code: ff 48 8b 43 40 48 8d 7b 40 48 83 e8 40 4c 39 e7 75 b3 49 83\nc4 10 4d 39 fc 75 94 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc \u003c0f\u003e 0b eb a1\n90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f\n RSP: 0018:ffffc10bea13fc80 EFLAGS: 00010206\n RAX: 000000000000010c RBX: ffff9bf5c7e66c00 RCX: 000000008020001d\n RDX: 000000008020001e RSI: fffff175221f9900 RDI: ffff9bf5c7e67640\n RBP: ffff9bf5c7e67600 R08: ffff9bf5c7e64400 R09: 000000008020001d\n R10: 0000000040000000 R11: 0000000000000000 R12: ffff9bee4b1e8a18\n R13: dead000000000122 R14: dead000000000100 R15: ffff9bee4b1e8a38\n FS: 00007ff1e6d38740(0000) GS:ffff9bfd9fb00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005652044ecc68 CR3: 0000000889b5c005 CR4: 00000000001706e0\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0x80/0x130\n ? ib_cq_pool_cleanup+0xac/0xb0 [ib_core]\n ? report_bug+0x195/0x1a0\n ? handle_bug+0x3c/0x70\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? ib_cq_pool_cleanup+0xac/0xb0 [ib_core]\n disable_device+0x9d/0x160 [ib_core]\n __ib_unregister_device+0x42/0xb0 [ib_core]\n ib_unregister_device+0x22/0x30 [ib_core]\n rvt_unregister_device+0x20/0x90 [rdmavt]\n hfi1_unregister_ib_device+0x16/0xf0 [hfi1]\n remove_one+0x55/0x1a0 [hfi1]\n pci_device_remove+0x36/0xa0\n device_release_driver_internal+0x193/0x200\n driver_detach+0x44/0x90\n bus_remove_driver+0x69/0xf0\n pci_unregister_driver+0x2a/0xb0\n hfi1_mod_cleanup+0xc/0x3c [hfi1]\n __do_sys_delete_module.constprop.0+0x17a/0x2f0\n ? exit_to_user_mode_prepare+0xc4/0xd0\n ? syscall_trace_enter.constprop.0+0x126/0x1a0\n do_syscall_64+0x5c/0x90\n ? syscall_exit_to_user_mode+0x12/0x30\n ? do_syscall_64+0x69/0x90\n ? syscall_exit_work+0x103/0x130\n ? syscall_exit_to_user_mode+0x12/0x30\n ? do_syscall_64+0x69/0x90\n ? exc_page_fault+0x65/0x150\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n RIP: 0033:0x7ff1e643f5ab\n Code: 73 01 c3 48 8b 0d 75 a8 1b 00 f7 d8 64 89 01 48 83 c8 ff c3\n66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00 00 00 0f 05 \u003c48\u003e 3d 01 f0\nff ff 73 01 c3 48 8b 0d 45 a8 1b 00 f7 d8 64 89 01 48\n RSP: 002b:00007ffec9103cc8 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0\n RAX: ffffffffffffffda RBX: 00005615267fdc50 RCX: 00007ff1e643f5ab\n RDX: 0000000000000000 RSI: 0000000000000800 RDI: 00005615267fdcb8\n RBP: 00005615267fdc50 R08: 0000000000000000 R09: 0000000000000000\n R10: 00007ff1e659eac0 R11: 0000000000000206 R12: 00005615267fdcb8\n R13: 00000000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54219",
"url": "https://www.suse.com/security/cve/CVE-2023-54219"
},
{
"category": "external",
"summary": "SUSE Bug 1256231 for CVE-2023-54219",
"url": "https://bugzilla.suse.com/1256231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54219"
},
{
"cve": "CVE-2023-54220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54220"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250: Fix oops for port-\u003epm on uart_change_pm()\n\nUnloading a hardware specific 8250 driver can produce error \"Unable to\nhandle kernel paging request at virtual address\" about ten seconds after\nunloading the driver. This happens on uart_hangup() calling\nuart_change_pm().\n\nTurns out commit 04e82793f068 (\"serial: 8250: Reinit port-\u003epm on port\nspecific driver unbind\") was only a partial fix. If the hardware specific\ndriver has initialized port-\u003epm function, we need to clear port-\u003epm too.\nJust reinitializing port-\u003eops does not do this. Otherwise serial8250_pm()\nwill call port-\u003epm() instead of serial8250_do_pm().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54220",
"url": "https://www.suse.com/security/cve/CVE-2023-54220"
},
{
"category": "external",
"summary": "SUSE Bug 1255949 for CVE-2023-54220",
"url": "https://bugzilla.suse.com/1255949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54220"
},
{
"cve": "CVE-2023-54221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54221"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx93: fix memory leak and missing unwind goto in imx93_clocks_probe\n\nIn function probe(), it returns directly without unregistered hws\nwhen error occurs.\n\nFix this by adding \u0027goto unregister_hws;\u0027 on line 295 and\nline 310.\n\nUse devm_kzalloc() instead of kzalloc() to automatically\nfree the memory using devm_kfree() when error occurs.\n\nReplace of_iomap() with devm_of_iomap() to automatically\nhandle the unused ioremap region and delete \u0027iounmap(anatop_base);\u0027\nin unregister_hws.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54221",
"url": "https://www.suse.com/security/cve/CVE-2023-54221"
},
{
"category": "external",
"summary": "SUSE Bug 1255842 for CVE-2023-54221",
"url": "https://bugzilla.suse.com/1255842"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "low"
}
],
"title": "CVE-2023-54221"
},
{
"cve": "CVE-2023-54223",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54223"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: xsk: Fix invalid buffer access for legacy rq\n\nThe below crash can be encountered when using xdpsock in rx mode for\nlegacy rq: the buffer gets released in the XDP_REDIRECT path, and then\nonce again in the driver. This fix sets the flag to avoid releasing on\nthe driver side.\n\nXSK handling of buffers for legacy rq was relying on the caller to set\nthe skip release flag. But the referenced fix started using fragment\ncounts for pages instead of the skip flag.\n\nCrash log:\n general protection fault, probably for non-canonical address 0xffff8881217e3a: 0000 [#1] SMP\n CPU: 0 PID: 14 Comm: ksoftirqd/0 Not tainted 6.5.0-rc1+ #31\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:bpf_prog_03b13f331978c78c+0xf/0x28\n Code: ...\n RSP: 0018:ffff88810082fc98 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffff888138404901 RCX: c0ffffc900027cbc\n RDX: ffffffffa000b514 RSI: 00ffff8881217e32 RDI: ffff888138404901\n RBP: ffff88810082fc98 R08: 0000000000091100 R09: 0000000000000006\n R10: 0000000000000800 R11: 0000000000000800 R12: ffffc9000027a000\n R13: ffff8881217e2dc0 R14: ffff8881217e2910 R15: ffff8881217e2f00\n FS: 0000000000000000(0000) GS:ffff88852c800000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000564cb2e2cde0 CR3: 000000010e603004 CR4: 0000000000370eb0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? die_addr+0x32/0x80\n ? exc_general_protection+0x192/0x390\n ? asm_exc_general_protection+0x22/0x30\n ? 0xffffffffa000b514\n ? bpf_prog_03b13f331978c78c+0xf/0x28\n mlx5e_xdp_handle+0x48/0x670 [mlx5_core]\n ? dev_gro_receive+0x3b5/0x6e0\n mlx5e_xsk_skb_from_cqe_linear+0x6e/0x90 [mlx5_core]\n mlx5e_handle_rx_cqe+0x55/0x100 [mlx5_core]\n mlx5e_poll_rx_cq+0x87/0x6e0 [mlx5_core]\n mlx5e_napi_poll+0x45e/0x6b0 [mlx5_core]\n __napi_poll+0x25/0x1a0\n net_rx_action+0x28a/0x300\n __do_softirq+0xcd/0x279\n ? sort_range+0x20/0x20\n run_ksoftirqd+0x1a/0x20\n smpboot_thread_fn+0xa2/0x130\n kthread+0xc9/0xf0\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e\n Modules linked in: mlx5_ib mlx5_core rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm ib_uverbs ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter overlay zram zsmalloc fuse [last unloaded: mlx5_core]\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54223",
"url": "https://www.suse.com/security/cve/CVE-2023-54223"
},
{
"category": "external",
"summary": "SUSE Bug 1256233 for CVE-2023-54223",
"url": "https://bugzilla.suse.com/1256233"
},
{
"category": "external",
"summary": "SUSE Bug 1256253 for CVE-2023-54223",
"url": "https://bugzilla.suse.com/1256253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54223"
},
{
"cve": "CVE-2023-54224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54224"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix lockdep splat and potential deadlock after failure running delayed items\n\nWhen running delayed items we are holding a delayed node\u0027s mutex and then\nwe will attempt to modify a subvolume btree to insert/update/delete the\ndelayed items. However if have an error during the insertions for example,\nbtrfs_insert_delayed_items() may return with a path that has locked extent\nbuffers (a leaf at the very least), and then we attempt to release the\ndelayed node at __btrfs_run_delayed_items(), which requires taking the\ndelayed node\u0027s mutex, causing an ABBA type of deadlock. This was reported\nby syzbot and the lockdep splat is the following:\n\n WARNING: possible circular locking dependency detected\n 6.5.0-rc7-syzkaller-00024-g93f5de5f648d #0 Not tainted\n ------------------------------------------------------\n syz-executor.2/13257 is trying to acquire lock:\n ffff88801835c0c0 (\u0026delayed_node-\u003emutex){+.+.}-{3:3}, at: __btrfs_release_delayed_node+0x9a/0xaa0 fs/btrfs/delayed-inode.c:256\n\n but task is already holding lock:\n ffff88802a5ab8e8 (btrfs-tree-00){++++}-{3:3}, at: __btrfs_tree_lock+0x3c/0x2a0 fs/btrfs/locking.c:198\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #1 (btrfs-tree-00){++++}-{3:3}:\n __lock_release kernel/locking/lockdep.c:5475 [inline]\n lock_release+0x36f/0x9d0 kernel/locking/lockdep.c:5781\n up_write+0x79/0x580 kernel/locking/rwsem.c:1625\n btrfs_tree_unlock_rw fs/btrfs/locking.h:189 [inline]\n btrfs_unlock_up_safe+0x179/0x3b0 fs/btrfs/locking.c:239\n search_leaf fs/btrfs/ctree.c:1986 [inline]\n btrfs_search_slot+0x2511/0x2f80 fs/btrfs/ctree.c:2230\n btrfs_insert_empty_items+0x9c/0x180 fs/btrfs/ctree.c:4376\n btrfs_insert_delayed_item fs/btrfs/delayed-inode.c:746 [inline]\n btrfs_insert_delayed_items fs/btrfs/delayed-inode.c:824 [inline]\n __btrfs_commit_inode_delayed_items+0xd24/0x2410 fs/btrfs/delayed-inode.c:1111\n __btrfs_run_delayed_items+0x1db/0x430 fs/btrfs/delayed-inode.c:1153\n flush_space+0x269/0xe70 fs/btrfs/space-info.c:723\n btrfs_async_reclaim_metadata_space+0x106/0x350 fs/btrfs/space-info.c:1078\n process_one_work+0x92c/0x12c0 kernel/workqueue.c:2600\n worker_thread+0xa63/0x1210 kernel/workqueue.c:2751\n kthread+0x2b8/0x350 kernel/kthread.c:389\n ret_from_fork+0x2e/0x60 arch/x86/kernel/process.c:145\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n\n -\u003e #0 (\u0026delayed_node-\u003emutex){+.+.}-{3:3}:\n check_prev_add kernel/locking/lockdep.c:3142 [inline]\n check_prevs_add kernel/locking/lockdep.c:3261 [inline]\n validate_chain kernel/locking/lockdep.c:3876 [inline]\n __lock_acquire+0x39ff/0x7f70 kernel/locking/lockdep.c:5144\n lock_acquire+0x1e3/0x520 kernel/locking/lockdep.c:5761\n __mutex_lock_common+0x1d8/0x2530 kernel/locking/mutex.c:603\n __mutex_lock kernel/locking/mutex.c:747 [inline]\n mutex_lock_nested+0x1b/0x20 kernel/locking/mutex.c:799\n __btrfs_release_delayed_node+0x9a/0xaa0 fs/btrfs/delayed-inode.c:256\n btrfs_release_delayed_node fs/btrfs/delayed-inode.c:281 [inline]\n __btrfs_run_delayed_items+0x2b5/0x430 fs/btrfs/delayed-inode.c:1156\n btrfs_commit_transaction+0x859/0x2ff0 fs/btrfs/transaction.c:2276\n btrfs_sync_file+0xf56/0x1330 fs/btrfs/file.c:1988\n vfs_fsync_range fs/sync.c:188 [inline]\n vfs_fsync fs/sync.c:202 [inline]\n do_fsync fs/sync.c:212 [inline]\n __do_sys_fsync fs/sync.c:220 [inline]\n __se_sys_fsync fs/sync.c:218 [inline]\n __x64_sys_fsync+0x196/0x1e0 fs/sync.c:218\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n other info that\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54224",
"url": "https://www.suse.com/security/cve/CVE-2023-54224"
},
{
"category": "external",
"summary": "SUSE Bug 1255951 for CVE-2023-54224",
"url": "https://bugzilla.suse.com/1255951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54224"
},
{
"cve": "CVE-2023-54225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54225"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipa: only reset hashed tables when supported\n\nLast year, the code that manages GSI channel transactions switched\nfrom using spinlock-protected linked lists to using indexes into the\nring buffer used for a channel. Recently, Google reported seeing\ntransaction reference count underflows occasionally during shutdown.\n\nDoug Anderson found a way to reproduce the issue reliably, and\nbisected the issue to the commit that eliminated the linked lists\nand the lock. The root cause was ultimately determined to be\nrelated to unused transactions being committed as part of the modem\nshutdown cleanup activity. Unused transactions are not normally\nexpected (except in error cases).\n\nThe modem uses some ranges of IPA-resident memory, and whenever it\nshuts down we zero those ranges. In ipa_filter_reset_table() a\ntransaction is allocated to zero modem filter table entries. If\nhashing is not supported, hashed table memory should not be zeroed.\nBut currently nothing prevents that, and the result is an unused\ntransaction. Something similar occurs when we zero routing table\nentries for the modem.\n\nBy preventing any attempt to clear hashed tables when hashing is not\nsupported, the reference count underflow is avoided in this case.\n\nNote that there likely remains an issue with properly freeing unused\ntransactions (if they occur due to errors). This patch addresses\nonly the underflows that Google originally reported.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54225",
"url": "https://www.suse.com/security/cve/CVE-2023-54225"
},
{
"category": "external",
"summary": "SUSE Bug 1256234 for CVE-2023-54225",
"url": "https://bugzilla.suse.com/1256234"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54225"
},
{
"cve": "CVE-2023-54227",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54227"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: fix tags leak when shrink nr_hw_queues\n\nAlthough we don\u0027t need to realloc set-\u003etags[] when shrink nr_hw_queues,\nwe need to free them. Or these tags will be leaked.\n\nHow to reproduce:\n1. mount -t configfs configfs /mnt\n2. modprobe null_blk nr_devices=0 submit_queues=8\n3. mkdir /mnt/nullb/nullb0\n4. echo 1 \u003e /mnt/nullb/nullb0/power\n5. echo 4 \u003e /mnt/nullb/nullb0/submit_queues\n6. rmdir /mnt/nullb/nullb0\n\nIn step 4, will alloc 9 tags (8 submit queues and 1 poll queue), then\nin step 5, new_nr_hw_queues = 5 (4 submit queues and 1 poll queue).\nAt last in step 6, only these 5 tags are freed, the other 4 tags leaked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54227",
"url": "https://www.suse.com/security/cve/CVE-2023-54227"
},
{
"category": "external",
"summary": "SUSE Bug 1255952 for CVE-2023-54227",
"url": "https://bugzilla.suse.com/1255952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54227"
},
{
"cve": "CVE-2023-54229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54229"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix registration of 6Ghz-only phy without the full channel range\n\nBecause of what seems to be a typo, a 6Ghz-only phy for which the BDF\ndoes not allow the 7115Mhz channel will fail to register:\n\n WARNING: CPU: 2 PID: 106 at net/wireless/core.c:907 wiphy_register+0x914/0x954\n Modules linked in: ath11k_pci sbsa_gwdt\n CPU: 2 PID: 106 Comm: kworker/u8:5 Not tainted 6.3.0-rc7-next-20230418-00549-g1e096a17625a-dirty #9\n Hardware name: Freebox V7R Board (DT)\n Workqueue: ath11k_qmi_driver_event ath11k_qmi_driver_event_work\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : wiphy_register+0x914/0x954\n lr : ieee80211_register_hw+0x67c/0xc10\n sp : ffffff800b123aa0\n x29: ffffff800b123aa0 x28: 0000000000000000 x27: 0000000000000000\n x26: 0000000000000000 x25: 0000000000000006 x24: ffffffc008d51418\n x23: ffffffc008cb0838 x22: ffffff80176c2460 x21: 0000000000000168\n x20: ffffff80176c0000 x19: ffffff80176c03e0 x18: 0000000000000014\n x17: 00000000cbef338c x16: 00000000d2a26f21 x15: 00000000ad6bb85f\n x14: 0000000000000020 x13: 0000000000000020 x12: 00000000ffffffbd\n x11: 0000000000000208 x10: 00000000fffffdf7 x9 : ffffffc009394718\n x8 : ffffff80176c0528 x7 : 000000007fffffff x6 : 0000000000000006\n x5 : 0000000000000005 x4 : ffffff800b304284 x3 : ffffff800b304284\n x2 : ffffff800b304d98 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n wiphy_register+0x914/0x954\n ieee80211_register_hw+0x67c/0xc10\n ath11k_mac_register+0x7c4/0xe10\n ath11k_core_qmi_firmware_ready+0x1f4/0x570\n ath11k_qmi_driver_event_work+0x198/0x590\n process_one_work+0x1b8/0x328\n worker_thread+0x6c/0x414\n kthread+0x100/0x104\n ret_from_fork+0x10/0x20\n ---[ end trace 0000000000000000 ]---\n ath11k_pci 0002:01:00.0: ieee80211 registration failed: -22\n ath11k_pci 0002:01:00.0: failed register the radio with mac80211: -22\n ath11k_pci 0002:01:00.0: failed to create pdev core: -22",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54229",
"url": "https://www.suse.com/security/cve/CVE-2023-54229"
},
{
"category": "external",
"summary": "SUSE Bug 1255924 for CVE-2023-54229",
"url": "https://bugzilla.suse.com/1255924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54229"
},
{
"cve": "CVE-2023-54230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54230"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\namba: bus: fix refcount leak\n\ncommit 5de1540b7bc4 (\"drivers/amba: create devices from device tree\")\nincreases the refcount of of_node, but not releases it in\namba_device_release, so there is refcount leak. By using of_node_put\nto avoid refcount leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54230",
"url": "https://www.suse.com/security/cve/CVE-2023-54230"
},
{
"category": "external",
"summary": "SUSE Bug 1255925 for CVE-2023-54230",
"url": "https://bugzilla.suse.com/1255925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54230"
},
{
"cve": "CVE-2023-54235",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54235"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/DOE: Fix destroy_work_on_stack() race\n\nThe following debug object splat was observed in testing:\n\n ODEBUG: free active (active state 0) object: 0000000097d23782 object type: work_struct hint: doe_statemachine_work+0x0/0x510\n WARNING: CPU: 1 PID: 71 at lib/debugobjects.c:514 debug_print_object+0x7d/0xb0\n ...\n Workqueue: pci 0000:36:00.0 DOE [1 doe_statemachine_work\n RIP: 0010:debug_print_object+0x7d/0xb0\n ...\n Call Trace:\n ? debug_print_object+0x7d/0xb0\n ? __pfx_doe_statemachine_work+0x10/0x10\n debug_object_free.part.0+0x11b/0x150\n doe_statemachine_work+0x45e/0x510\n process_one_work+0x1d4/0x3c0\n\nThis occurs because destroy_work_on_stack() was called after signaling\nthe completion in the calling thread. This creates a race between\ndestroy_work_on_stack() and the task-\u003ework struct going out of scope in\npci_doe().\n\nSignal the work complete after destroying the work struct. This is safe\nbecause signal_task_complete() is the final thing the work item does and\nthe workqueue code is careful not to access the work struct after.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54235",
"url": "https://www.suse.com/security/cve/CVE-2023-54235"
},
{
"category": "external",
"summary": "SUSE Bug 1255921 for CVE-2023-54235",
"url": "https://bugzilla.suse.com/1255921"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54235"
},
{
"cve": "CVE-2023-54240",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54240"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all()\n\nrule_locs is allocated in ethtool_get_rxnfc and the size is determined by\nrule_cnt from user space. So rule_cnt needs to be check before using\nrule_locs to avoid NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54240",
"url": "https://www.suse.com/security/cve/CVE-2023-54240"
},
{
"category": "external",
"summary": "SUSE Bug 1255918 for CVE-2023-54240",
"url": "https://bugzilla.suse.com/1255918"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54240"
},
{
"cve": "CVE-2023-54241",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54241"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: KVM: Fix NULL pointer dereference\n\nAfter commit 45c7e8af4a5e3f0bea4ac209 (\"MIPS: Remove KVM_TE support\") we\nget a NULL pointer dereference when creating a KVM guest:\n\n[ 146.243409] Starting KVM with MIPS VZ extensions\n[ 149.849151] CPU 3 Unable to handle kernel paging request at virtual address 0000000000000300, epc == ffffffffc06356ec, ra == ffffffffc063568c\n[ 149.849177] Oops[#1]:\n[ 149.849182] CPU: 3 PID: 2265 Comm: qemu-system-mip Not tainted 6.4.0-rc3+ #1671\n[ 149.849188] Hardware name: THTF CX TL630 Series/THTF-LS3A4000-7A1000-ML4A, BIOS KL4.1F.TF.D.166.201225.R 12/25/2020\n[ 149.849192] $ 0 : 0000000000000000 000000007400cce0 0000000000400004 ffffffff8119c740\n[ 149.849209] $ 4 : 000000007400cce1 000000007400cce1 0000000000000000 0000000000000000\n[ 149.849221] $ 8 : 000000240058bb36 ffffffff81421ac0 0000000000000000 0000000000400dc0\n[ 149.849233] $12 : 9800000102a07cc8 ffffffff80e40e38 0000000000000001 0000000000400dc0\n[ 149.849245] $16 : 0000000000000000 9800000106cd0000 9800000106cd0000 9800000100cce000\n[ 149.849257] $20 : ffffffffc0632b28 ffffffffc05b31b0 9800000100ccca00 0000000000400000\n[ 149.849269] $24 : 9800000106cd09ce ffffffff802f69d0\n[ 149.849281] $28 : 9800000102a04000 9800000102a07cd0 98000001106a8000 ffffffffc063568c\n[ 149.849293] Hi : 00000335b2111e66\n[ 149.849295] Lo : 6668d90061ae0ae9\n[ 149.849298] epc : ffffffffc06356ec kvm_vz_vcpu_setup+0xc4/0x328 [kvm]\n[ 149.849324] ra : ffffffffc063568c kvm_vz_vcpu_setup+0x64/0x328 [kvm]\n[ 149.849336] Status: 7400cce3 KX SX UX KERNEL EXL IE\n[ 149.849351] Cause : 1000000c (ExcCode 03)\n[ 149.849354] BadVA : 0000000000000300\n[ 149.849357] PrId : 0014c004 (ICT Loongson-3)\n[ 149.849360] Modules linked in: kvm nfnetlink_queue nfnetlink_log nfnetlink fuse sha256_generic libsha256 cfg80211 rfkill binfmt_misc vfat fat snd_hda_codec_hdmi input_leds led_class snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core snd_pcm snd_timer snd serio_raw xhci_pci radeon drm_suballoc_helper drm_display_helper xhci_hcd ip_tables x_tables\n[ 149.849432] Process qemu-system-mip (pid: 2265, threadinfo=00000000ae2982d2, task=0000000038e09ad4, tls=000000ffeba16030)\n[ 149.849439] Stack : 9800000000000003 9800000100ccca00 9800000100ccc000 ffffffffc062cef4\n[ 149.849453] 9800000102a07d18 c89b63a7ab338e00 0000000000000000 ffffffff811a0000\n[ 149.849465] 0000000000000000 9800000106cd0000 ffffffff80e59938 98000001106a8920\n[ 149.849476] ffffffff80e57f30 ffffffffc062854c ffffffff811a0000 9800000102bf4240\n[ 149.849488] ffffffffc05b0000 ffffffff80e3a798 000000ff78000000 000000ff78000010\n[ 149.849500] 0000000000000255 98000001021f7de0 98000001023f0078 ffffffff81434000\n[ 149.849511] 0000000000000000 0000000000000000 9800000102ae0000 980000025e92ae28\n[ 149.849523] 0000000000000000 c89b63a7ab338e00 0000000000000001 ffffffff8119dce0\n[ 149.849535] 000000ff78000010 ffffffff804f3d3c 9800000102a07eb0 0000000000000255\n[ 149.849546] 0000000000000000 ffffffff8049460c 000000ff78000010 0000000000000255\n[ 149.849558] ...\n[ 149.849565] Call Trace:\n[ 149.849567] [\u003cffffffffc06356ec\u003e] kvm_vz_vcpu_setup+0xc4/0x328 [kvm]\n[ 149.849586] [\u003cffffffffc062cef4\u003e] kvm_arch_vcpu_create+0x184/0x228 [kvm]\n[ 149.849605] [\u003cffffffffc062854c\u003e] kvm_vm_ioctl+0x64c/0xf28 [kvm]\n[ 149.849623] [\u003cffffffff805209c0\u003e] sys_ioctl+0xc8/0x118\n[ 149.849631] [\u003cffffffff80219eb0\u003e] syscall_common+0x34/0x58\n\nThe root cause is the deletion of kvm_mips_commpage_init() leaves vcpu\n-\u003earch.cop0 NULL. So fix it by making cop0 from a pointer to an embedded\nobject.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54241",
"url": "https://www.suse.com/security/cve/CVE-2023-54241"
},
{
"category": "external",
"summary": "SUSE Bug 1255838 for CVE-2023-54241",
"url": "https://bugzilla.suse.com/1255838"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54241"
},
{
"cve": "CVE-2023-54246",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54246"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to _idle()\n\nThe rcuscale.holdoff module parameter can be used to delay the start\nof rcu_scale_writer() kthread. However, the hung-task timeout will\ntrigger when the timeout specified by rcuscale.holdoff is greater than\nhung_task_timeout_secs:\n\nrunqemu kvm nographic slirp qemuparams=\"-smp 4 -m 2048M\"\nbootparams=\"rcuscale.shutdown=0 rcuscale.holdoff=300\"\n\n[ 247.071753] INFO: task rcu_scale_write:59 blocked for more than 122 seconds.\n[ 247.072529] Not tainted 6.4.0-rc1-00134-gb9ed6de8d4ff #7\n[ 247.073400] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 247.074331] task:rcu_scale_write state:D stack:30144 pid:59 ppid:2 flags:0x00004000\n[ 247.075346] Call Trace:\n[ 247.075660] \u003cTASK\u003e\n[ 247.075965] __schedule+0x635/0x1280\n[ 247.076448] ? __pfx___schedule+0x10/0x10\n[ 247.076967] ? schedule_timeout+0x2dc/0x4d0\n[ 247.077471] ? __pfx_lock_release+0x10/0x10\n[ 247.078018] ? enqueue_timer+0xe2/0x220\n[ 247.078522] schedule+0x84/0x120\n[ 247.078957] schedule_timeout+0x2e1/0x4d0\n[ 247.079447] ? __pfx_schedule_timeout+0x10/0x10\n[ 247.080032] ? __pfx_rcu_scale_writer+0x10/0x10\n[ 247.080591] ? __pfx_process_timeout+0x10/0x10\n[ 247.081163] ? __pfx_sched_set_fifo_low+0x10/0x10\n[ 247.081760] ? __pfx_rcu_scale_writer+0x10/0x10\n[ 247.082287] rcu_scale_writer+0x6b1/0x7f0\n[ 247.082773] ? mark_held_locks+0x29/0xa0\n[ 247.083252] ? __pfx_rcu_scale_writer+0x10/0x10\n[ 247.083865] ? __pfx_rcu_scale_writer+0x10/0x10\n[ 247.084412] kthread+0x179/0x1c0\n[ 247.084759] ? __pfx_kthread+0x10/0x10\n[ 247.085098] ret_from_fork+0x2c/0x50\n[ 247.085433] \u003c/TASK\u003e\n\nThis commit therefore replaces schedule_timeout_uninterruptible() with\nschedule_timeout_idle().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54246",
"url": "https://www.suse.com/security/cve/CVE-2023-54246"
},
{
"category": "external",
"summary": "SUSE Bug 1255915 for CVE-2023-54246",
"url": "https://bugzilla.suse.com/1255915"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54246"
},
{
"cve": "CVE-2023-54247",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54247"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Silence a warning in btf_type_id_size()\n\nsyzbot reported a warning in [1] with the following stacktrace:\n WARNING: CPU: 0 PID: 5005 at kernel/bpf/btf.c:1988 btf_type_id_size+0x2d9/0x9d0 kernel/bpf/btf.c:1988\n ...\n RIP: 0010:btf_type_id_size+0x2d9/0x9d0 kernel/bpf/btf.c:1988\n ...\n Call Trace:\n \u003cTASK\u003e\n map_check_btf kernel/bpf/syscall.c:1024 [inline]\n map_create+0x1157/0x1860 kernel/bpf/syscall.c:1198\n __sys_bpf+0x127f/0x5420 kernel/bpf/syscall.c:5040\n __do_sys_bpf kernel/bpf/syscall.c:5162 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5160 [inline]\n __x64_sys_bpf+0x79/0xc0 kernel/bpf/syscall.c:5160\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nWith the following btf\n [1] DECL_TAG \u0027a\u0027 type_id=4 component_idx=-1\n [2] PTR \u0027(anon)\u0027 type_id=0\n [3] TYPE_TAG \u0027a\u0027 type_id=2\n [4] VAR \u0027a\u0027 type_id=3, linkage=static\nand when the bpf_attr.btf_key_type_id = 1 (DECL_TAG),\nthe following WARN_ON_ONCE in btf_type_id_size() is triggered:\n if (WARN_ON_ONCE(!btf_type_is_modifier(size_type) \u0026\u0026\n !btf_type_is_var(size_type)))\n return NULL;\n\nNote that \u0027return NULL\u0027 is the correct behavior as we don\u0027t want\na DECL_TAG type to be used as a btf_{key,value}_type_id even\nfor the case like \u0027DECL_TAG -\u003e STRUCT\u0027. So there\nis no correctness issue here, we just want to silence warning.\n\nTo silence the warning, I added DECL_TAG as one of kinds in\nbtf_type_nosize() which will cause btf_type_id_size() returning\nNULL earlier without the warning.\n\n [1] https://lore.kernel.org/bpf/000000000000e0df8d05fc75ba86@google.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54247",
"url": "https://www.suse.com/security/cve/CVE-2023-54247"
},
{
"category": "external",
"summary": "SUSE Bug 1255892 for CVE-2023-54247",
"url": "https://bugzilla.suse.com/1255892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54247"
},
{
"cve": "CVE-2023-54251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54251"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX.\n\nsyzkaller found zero division error [0] in div_s64_rem() called from\nget_cycle_time_elapsed(), where sched-\u003ecycle_time is the divisor.\n\nWe have tests in parse_taprio_schedule() so that cycle_time will never\nbe 0, and actually cycle_time is not 0 in get_cycle_time_elapsed().\n\nThe problem is that the types of divisor are different; cycle_time is\ns64, but the argument of div_s64_rem() is s32.\n\nsyzkaller fed this input and 0x100000000 is cast to s32 to be 0.\n\n @TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xc, 0x8, 0x100000000}\n\nWe use s64 for cycle_time to cast it to ktime_t, so let\u0027s keep it and\nset max for cycle_time.\n\nWhile at it, we prevent overflow in setup_txtime() and add another\ntest in parse_taprio_schedule() to check if cycle_time overflows.\n\nAlso, we add a new tdc test case for this issue.\n\n[0]:\ndivide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 1 PID: 103 Comm: kworker/1:3 Not tainted 6.5.0-rc1-00330-g60cc1f7d0605 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nWorkqueue: ipv6_addrconf addrconf_dad_work\nRIP: 0010:div_s64_rem include/linux/math64.h:42 [inline]\nRIP: 0010:get_cycle_time_elapsed net/sched/sch_taprio.c:223 [inline]\nRIP: 0010:find_entry_to_transmit+0x252/0x7e0 net/sched/sch_taprio.c:344\nCode: 3c 02 00 0f 85 5e 05 00 00 48 8b 4c 24 08 4d 8b bd 40 01 00 00 48 8b 7c 24 48 48 89 c8 4c 29 f8 48 63 f7 48 99 48 89 74 24 70 \u003c48\u003e f7 fe 48 29 d1 48 8d 04 0f 49 89 cc 48 89 44 24 20 49 8d 85 10\nRSP: 0018:ffffc90000acf260 EFLAGS: 00010206\nRAX: 177450e0347560cf RBX: 0000000000000000 RCX: 177450e0347560cf\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000100000000\nRBP: 0000000000000056 R08: 0000000000000000 R09: ffffed10020a0934\nR10: ffff8880105049a7 R11: ffff88806cf3a520 R12: ffff888010504800\nR13: ffff88800c00d800 R14: ffff8880105049a0 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f0edf84f0e8 CR3: 000000000d73c002 CR4: 0000000000770ee0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n get_packet_txtime net/sched/sch_taprio.c:508 [inline]\n taprio_enqueue_one+0x900/0xff0 net/sched/sch_taprio.c:577\n taprio_enqueue+0x378/0xae0 net/sched/sch_taprio.c:658\n dev_qdisc_enqueue+0x46/0x170 net/core/dev.c:3732\n __dev_xmit_skb net/core/dev.c:3821 [inline]\n __dev_queue_xmit+0x1b2f/0x3000 net/core/dev.c:4169\n dev_queue_xmit include/linux/netdevice.h:3088 [inline]\n neigh_resolve_output net/core/neighbour.c:1552 [inline]\n neigh_resolve_output+0x4a7/0x780 net/core/neighbour.c:1532\n neigh_output include/net/neighbour.h:544 [inline]\n ip6_finish_output2+0x924/0x17d0 net/ipv6/ip6_output.c:135\n __ip6_finish_output+0x620/0xaa0 net/ipv6/ip6_output.c:196\n ip6_finish_output net/ipv6/ip6_output.c:207 [inline]\n NF_HOOK_COND include/linux/netfilter.h:292 [inline]\n ip6_output+0x206/0x410 net/ipv6/ip6_output.c:228\n dst_output include/net/dst.h:458 [inline]\n NF_HOOK.constprop.0+0xea/0x260 include/linux/netfilter.h:303\n ndisc_send_skb+0x872/0xe80 net/ipv6/ndisc.c:508\n ndisc_send_ns+0xb5/0x130 net/ipv6/ndisc.c:666\n addrconf_dad_work+0xc14/0x13f0 net/ipv6/addrconf.c:4175\n process_one_work+0x92c/0x13a0 kernel/workqueue.c:2597\n worker_thread+0x60f/0x1240 kernel/workqueue.c:2748\n kthread+0x2fe/0x3f0 kernel/kthread.c:389\n ret_from_fork+0x2c/0x50 arch/x86/entry/entry_64.S:308\n \u003c/TASK\u003e\nModules linked in:",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54251",
"url": "https://www.suse.com/security/cve/CVE-2023-54251"
},
{
"category": "external",
"summary": "SUSE Bug 1255888 for CVE-2023-54251",
"url": "https://bugzilla.suse.com/1255888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54251"
},
{
"cve": "CVE-2023-54253",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54253"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: set page extent mapped after read_folio in relocate_one_page\n\nOne of the CI runs triggered the following panic\n\n assertion failed: PagePrivate(page) \u0026\u0026 page-\u003eprivate, in fs/btrfs/subpage.c:229\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/subpage.c:229!\n Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n CPU: 0 PID: 923660 Comm: btrfs Not tainted 6.5.0-rc3+ #1\n pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n pc : btrfs_subpage_assert+0xbc/0xf0\n lr : btrfs_subpage_assert+0xbc/0xf0\n sp : ffff800093213720\n x29: ffff800093213720 x28: ffff8000932138b4 x27: 000000000c280000\n x26: 00000001b5d00000 x25: 000000000c281000 x24: 000000000c281fff\n x23: 0000000000001000 x22: 0000000000000000 x21: ffffff42b95bf880\n x20: ffff42b9528e0000 x19: 0000000000001000 x18: ffffffffffffffff\n x17: 667274622f736620 x16: 6e69202c65746176 x15: 0000000000000028\n x14: 0000000000000003 x13: 00000000002672d7 x12: 0000000000000000\n x11: ffffcd3f0ccd9204 x10: ffffcd3f0554ae50 x9 : ffffcd3f0379528c\n x8 : ffff800093213428 x7 : 0000000000000000 x6 : ffffcd3f091771e8\n x5 : ffff42b97f333948 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : ffff42b9556cde80 x0 : 000000000000004f\n Call trace:\n btrfs_subpage_assert+0xbc/0xf0\n btrfs_subpage_set_dirty+0x38/0xa0\n btrfs_page_set_dirty+0x58/0x88\n relocate_one_page+0x204/0x5f0\n relocate_file_extent_cluster+0x11c/0x180\n relocate_data_extent+0xd0/0xf8\n relocate_block_group+0x3d0/0x4e8\n btrfs_relocate_block_group+0x2d8/0x490\n btrfs_relocate_chunk+0x54/0x1a8\n btrfs_balance+0x7f4/0x1150\n btrfs_ioctl+0x10f0/0x20b8\n __arm64_sys_ioctl+0x120/0x11d8\n invoke_syscall.constprop.0+0x80/0xd8\n do_el0_svc+0x6c/0x158\n el0_svc+0x50/0x1b0\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x194/0x198\n Code: 91098021 b0007fa0 91346000 97e9c6d2 (d4210000)\n\nThis is the same problem outlined in 17b17fcd6d44 (\"btrfs:\nset_page_extent_mapped after read_folio in btrfs_cont_expand\") , and the\nfix is the same. I originally looked for the same pattern elsewhere in\nour code, but mistakenly skipped over this code because I saw the page\ncache readahead before we set_page_extent_mapped, not realizing that\nthis was only in the !page case, that we can still end up with a\n!uptodate page and then do the btrfs_read_folio further down.\n\nThe fix here is the same as the above mentioned patch, move the\nset_page_extent_mapped call to after the btrfs_read_folio() block to\nmake sure that we have the subpage blocksize stuff setup properly before\nusing the page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54253",
"url": "https://www.suse.com/security/cve/CVE-2023-54253"
},
{
"category": "external",
"summary": "SUSE Bug 1255891 for CVE-2023-54253",
"url": "https://bugzilla.suse.com/1255891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54253"
},
{
"cve": "CVE-2023-54254",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54254"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ttm: Don\u0027t leak a resource on eviction error\n\nOn eviction errors other than -EMULTIHOP we were leaking a resource.\nFix.\n\nv2:\n- Avoid yet another goto (Andi Shyti)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54254",
"url": "https://www.suse.com/security/cve/CVE-2023-54254"
},
{
"category": "external",
"summary": "SUSE Bug 1255890 for CVE-2023-54254",
"url": "https://bugzilla.suse.com/1255890"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54254"
},
{
"cve": "CVE-2023-54255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54255"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsh: dma: Fix DMA channel offset calculation\n\nVarious SoCs of the SH3, SH4 and SH4A family, which use this driver,\nfeature a differing number of DMA channels, which can be distributed\nbetween up to two DMAC modules. The existing implementation fails to\ncorrectly accommodate for all those variations, resulting in wrong\nchannel offset calculations and leading to kernel panics.\n\nRewrite dma_base_addr() in order to properly calculate channel offsets\nin a DMAC module. Fix dmaor_read_reg() and dmaor_write_reg(), so that\nthe correct DMAC module base is selected for the DMAOR register.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54255",
"url": "https://www.suse.com/security/cve/CVE-2023-54255"
},
{
"category": "external",
"summary": "SUSE Bug 1255884 for CVE-2023-54255",
"url": "https://bugzilla.suse.com/1255884"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54255"
},
{
"cve": "CVE-2023-54258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential oops in cifs_oplock_break\n\nWith deferred close we can have closes that race with lease breaks,\nand so with the current checks for whether to send the lease response,\noplock_response(), this can mean that an unmount (kill_sb) can occur\njust before we were checking if the tcon-\u003eses is valid. See below:\n\n[Fri Aug 4 04:12:50 2023] RIP: 0010:cifs_oplock_break+0x1f7/0x5b0 [cifs]\n[Fri Aug 4 04:12:50 2023] Code: 7d a8 48 8b 7d c0 c0 e9 02 48 89 45 b8 41 89 cf e8 3e f5 ff ff 4c 89 f7 41 83 e7 01 e8 82 b3 03 f2 49 8b 45 50 48 85 c0 74 5e \u003c48\u003e 83 78 60 00 74 57 45 84 ff 75 52 48 8b 43 98 48 83 eb 68 48 39\n[Fri Aug 4 04:12:50 2023] RSP: 0018:ffffb30607ddbdf8 EFLAGS: 00010206\n[Fri Aug 4 04:12:50 2023] RAX: 632d223d32612022 RBX: ffff97136944b1e0 RCX: 0000000080100009\n[Fri Aug 4 04:12:50 2023] RDX: 0000000000000001 RSI: 0000000080100009 RDI: ffff97136944b188\n[Fri Aug 4 04:12:50 2023] RBP: ffffb30607ddbe58 R08: 0000000000000001 R09: ffffffffc08e0900\n[Fri Aug 4 04:12:50 2023] R10: 0000000000000001 R11: 000000000000000f R12: ffff97136944b138\n[Fri Aug 4 04:12:50 2023] R13: ffff97149147c000 R14: ffff97136944b188 R15: 0000000000000000\n[Fri Aug 4 04:12:50 2023] FS: 0000000000000000(0000) GS:ffff9714f7c00000(0000) knlGS:0000000000000000\n[Fri Aug 4 04:12:50 2023] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[Fri Aug 4 04:12:50 2023] CR2: 00007fd8de9c7590 CR3: 000000011228e000 CR4: 0000000000350ef0\n[Fri Aug 4 04:12:50 2023] Call Trace:\n[Fri Aug 4 04:12:50 2023] \u003cTASK\u003e\n[Fri Aug 4 04:12:50 2023] process_one_work+0x225/0x3d0\n[Fri Aug 4 04:12:50 2023] worker_thread+0x4d/0x3e0\n[Fri Aug 4 04:12:50 2023] ? process_one_work+0x3d0/0x3d0\n[Fri Aug 4 04:12:50 2023] kthread+0x12a/0x150\n[Fri Aug 4 04:12:50 2023] ? set_kthread_struct+0x50/0x50\n[Fri Aug 4 04:12:50 2023] ret_from_fork+0x22/0x30\n[Fri Aug 4 04:12:50 2023] \u003c/TASK\u003e\n\nTo fix this change the ordering of the checks before sending the oplock_response\nto first check if the openFileList is empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54258",
"url": "https://www.suse.com/security/cve/CVE-2023-54258"
},
{
"category": "external",
"summary": "SUSE Bug 1255886 for CVE-2023-54258",
"url": "https://bugzilla.suse.com/1255886"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54258"
},
{
"cve": "CVE-2023-54261",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54261"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Add missing gfx11 MQD manager callbacks\n\nmqd_stride function was introduced in commit 2f77b9a242a2\n(\"drm/amdkfd: Update MQD management on multi XCC setup\")\nbut not assigned for gfx11. Fixes a NULL dereference in debugfs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54261",
"url": "https://www.suse.com/security/cve/CVE-2023-54261"
},
{
"category": "external",
"summary": "SUSE Bug 1255879 for CVE-2023-54261",
"url": "https://bugzilla.suse.com/1255879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54261"
},
{
"cve": "CVE-2023-54263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54263"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/kms/nv50-: init hpd_irq_lock for PIOR DP\n\nFixes OOPS on boards with ANX9805 DP encoders.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54263",
"url": "https://www.suse.com/security/cve/CVE-2023-54263"
},
{
"category": "external",
"summary": "SUSE Bug 1255883 for CVE-2023-54263",
"url": "https://bugzilla.suse.com/1255883"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54263"
},
{
"cve": "CVE-2023-54264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54264"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/sysv: Null check to prevent null-ptr-deref bug\n\nsb_getblk(inode-\u003ei_sb, parent) return a null ptr and taking lock on\nthat leads to the null-ptr-deref bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54264",
"url": "https://www.suse.com/security/cve/CVE-2023-54264"
},
{
"category": "external",
"summary": "SUSE Bug 1255872 for CVE-2023-54264",
"url": "https://bugzilla.suse.com/1255872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54264"
},
{
"cve": "CVE-2023-54266",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54266"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer()\n\n\u0027read\u0027 is freed when it is known to be NULL, but not when a read error\noccurs.\n\nRevert the logic to avoid a small leak, should a m920x_read() call fail.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54266",
"url": "https://www.suse.com/security/cve/CVE-2023-54266"
},
{
"category": "external",
"summary": "SUSE Bug 1255875 for CVE-2023-54266",
"url": "https://bugzilla.suse.com/1255875"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54266"
},
{
"cve": "CVE-2023-54267",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54267"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT\n\nlppaca_shared_proc() takes a pointer to the lppaca which is typically\naccessed through get_lppaca(). With DEBUG_PREEMPT enabled, this leads\nto checking if preemption is enabled, for example:\n\n BUG: using smp_processor_id() in preemptible [00000000] code: grep/10693\n caller is lparcfg_data+0x408/0x19a0\n CPU: 4 PID: 10693 Comm: grep Not tainted 6.5.0-rc3 #2\n Call Trace:\n dump_stack_lvl+0x154/0x200 (unreliable)\n check_preemption_disabled+0x214/0x220\n lparcfg_data+0x408/0x19a0\n ...\n\nThis isn\u0027t actually a problem however, as it does not matter which\nlppaca is accessed, the shared proc state will be the same.\nvcpudispatch_stats_procfs_init() already works around this by disabling\npreemption, but the lparcfg code does not, erroring any time\n/proc/powerpc/lparcfg is accessed with DEBUG_PREEMPT enabled.\n\nInstead of disabling preemption on the caller side, rework\nlppaca_shared_proc() to not take a pointer and instead directly access\nthe lppaca, bypassing any potential preemption checks.\n\n[mpe: Rework to avoid needing a definition in paca.h and lppaca.h]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54267",
"url": "https://www.suse.com/security/cve/CVE-2023-54267"
},
{
"category": "external",
"summary": "SUSE Bug 1255899 for CVE-2023-54267",
"url": "https://bugzilla.suse.com/1255899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54267"
},
{
"cve": "CVE-2023-54271",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54271"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init\n\nblk-iocost sometimes causes the following crash:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000e0\n ...\n RIP: 0010:_raw_spin_lock+0x17/0x30\n Code: be 01 02 00 00 e8 79 38 39 ff 31 d2 89 d0 5d c3 0f 1f 00 0f 1f 44 00 00 55 48 89 e5 65 ff 05 48 d0 34 7e b9 01 00 00 00 31 c0 \u003cf0\u003e 0f b1 0f 75 02 5d c3 89 c6 e8 ea 04 00 00 5d c3 0f 1f 84 00 00\n RSP: 0018:ffffc900023b3d40 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: 00000000000000e0 RCX: 0000000000000001\n RDX: ffffc900023b3d20 RSI: ffffc900023b3cf0 RDI: 00000000000000e0\n RBP: ffffc900023b3d40 R08: ffffc900023b3c10 R09: 0000000000000003\n R10: 0000000000000064 R11: 000000000000000a R12: ffff888102337000\n R13: fffffffffffffff2 R14: ffff88810af408c8 R15: ffff8881070c3600\n FS: 00007faaaf364fc0(0000) GS:ffff88842fdc0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000000000e0 CR3: 00000001097b1000 CR4: 0000000000350ea0\n Call Trace:\n \u003cTASK\u003e\n ioc_weight_write+0x13d/0x410\n cgroup_file_write+0x7a/0x130\n kernfs_fop_write_iter+0xf5/0x170\n vfs_write+0x298/0x370\n ksys_write+0x5f/0xb0\n __x64_sys_write+0x1b/0x20\n do_syscall_64+0x3d/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThis happens because iocg-\u003eioc is NULL. The field is initialized by\nioc_pd_init() and never cleared. The NULL deref is caused by\nblkcg_activate_policy() installing blkg_policy_data before initializing it.\n\nblkcg_activate_policy() was doing the following:\n\n1. Allocate pd\u0027s for all existing blkg\u0027s and install them in blkg-\u003epd[].\n2. Initialize all pd\u0027s.\n3. Online all pd\u0027s.\n\nblkcg_activate_policy() only grabs the queue_lock and may release and\nre-acquire the lock as allocation may need to sleep. ioc_weight_write()\ngrabs blkcg-\u003elock and iterates all its blkg\u0027s. The two can race and if\nioc_weight_write() runs during #1 or between #1 and #2, it can encounter a\npd which is not initialized yet, leading to crash.\n\nThe crash can be reproduced with the following script:\n\n #!/bin/bash\n\n echo +io \u003e /sys/fs/cgroup/cgroup.subtree_control\n systemd-run --unit touch-sda --scope dd if=/dev/sda of=/dev/null bs=1M count=1 iflag=direct\n echo 100 \u003e /sys/fs/cgroup/system.slice/io.weight\n bash -c \"echo \u00278:0 enable=1\u0027 \u003e /sys/fs/cgroup/io.cost.qos\" \u0026\n sleep .2\n echo 100 \u003e /sys/fs/cgroup/system.slice/io.weight\n\nwith the following patch applied:\n\n\u003e diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c\n\u003e index fc49be622e05..38d671d5e10c 100644\n\u003e --- a/block/blk-cgroup.c\n\u003e +++ b/block/blk-cgroup.c\n\u003e @@ -1553,6 +1553,12 @@ int blkcg_activate_policy(struct gendisk *disk, const struct blkcg_policy *pol)\n\u003e \t\tpd-\u003eonline = false;\n\u003e \t}\n\u003e\n\u003e + if (system_state == SYSTEM_RUNNING) {\n\u003e + spin_unlock_irq(\u0026q-\u003equeue_lock);\n\u003e + ssleep(1);\n\u003e + spin_lock_irq(\u0026q-\u003equeue_lock);\n\u003e + }\n\u003e +\n\u003e \t/* all allocated, init in the same order */\n\u003e \tif (pol-\u003epd_init_fn)\n\u003e \t\tlist_for_each_entry_reverse(blkg, \u0026q-\u003eblkg_list, q_node)\n\nI don\u0027t see a reason why all pd\u0027s should be allocated, initialized and\nonlined together. The only ordering requirement is that parent blkgs to be\ninitialized and onlined before children, which is guaranteed from the\nwalking order. Let\u0027s fix the bug by allocating, initializing and onlining pd\nfor each blkg and holding blkcg-\u003elock over initialization and onlining. This\nensures that an installed blkg is always fully initialized and onlined\nremoving the the race window.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54271",
"url": "https://www.suse.com/security/cve/CVE-2023-54271"
},
{
"category": "external",
"summary": "SUSE Bug 1255902 for CVE-2023-54271",
"url": "https://bugzilla.suse.com/1255902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54271"
},
{
"cve": "CVE-2023-54276",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54276"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net\n\nCommit f5f9d4a314da (\"nfsd: move reply cache initialization into nfsd\nstartup\") moved the initialization of the reply cache into nfsd startup,\nbut didn\u0027t account for the stats counters, which can be accessed before\nnfsd is ever started. The result can be a NULL pointer dereference when\nsomeone accesses /proc/fs/nfsd/reply_cache_stats while nfsd is still\nshut down.\n\nThis is a regression and a user-triggerable oops in the right situation:\n\n- non-x86_64 arch\n- /proc/fs/nfsd is mounted in the namespace\n- nfsd is not started in the namespace\n- unprivileged user calls \"cat /proc/fs/nfsd/reply_cache_stats\"\n\nAlthough this is easy to trigger on some arches (like aarch64), on\nx86_64, calling this_cpu_ptr(NULL) evidently returns a pointer to the\nfixed_percpu_data. That struct looks just enough like a newly\ninitialized percpu var to allow nfsd_reply_cache_stats_show to access\nit without Oopsing.\n\nMove the initialization of the per-net+per-cpu reply-cache counters\nback into nfsd_init_net, while leaving the rest of the reply cache\nallocations to be done at nfsd startup time.\n\nKudos to Eirik who did most of the legwork to track this down.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54276",
"url": "https://www.suse.com/security/cve/CVE-2023-54276"
},
{
"category": "external",
"summary": "SUSE Bug 1255907 for CVE-2023-54276",
"url": "https://bugzilla.suse.com/1255907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54276"
},
{
"cve": "CVE-2023-54278",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54278"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/vmem: split pages when debug pagealloc is enabled\n\nSince commit bb1520d581a3 (\"s390/mm: start kernel with DAT enabled\")\nthe kernel crashes early during boot when debug pagealloc is enabled:\n\nmem auto-init: stack:off, heap alloc:off, heap free:off\naddressing exception: 0005 ilc:2 [#1] SMP DEBUG_PAGEALLOC\nModules linked in:\nCPU: 0 PID: 0 Comm: swapper Not tainted 6.5.0-rc3-09759-gc5666c912155 #630\n[..]\nKrnl Code: 00000000001325f6: ec5600248064 cgrj %r5,%r6,8,000000000013263e\n 00000000001325fc: eb880002000c srlg %r8,%r8,2\n #0000000000132602: b2210051 ipte %r5,%r1,%r0,0\n \u003e0000000000132606: b90400d1 lgr %r13,%r1\n 000000000013260a: 41605008 la %r6,8(%r5)\n 000000000013260e: a7db1000 aghi %r13,4096\n 0000000000132612: b221006d ipte %r6,%r13,%r0,0\n 0000000000132616: e3d0d0000171 lay %r13,4096(%r13)\n\nCall Trace:\n __kernel_map_pages+0x14e/0x320\n __free_pages_ok+0x23a/0x5a8)\n free_low_memory_core_early+0x214/0x2c8\n memblock_free_all+0x28/0x58\n mem_init+0xb6/0x228\n mm_core_init+0xb6/0x3b0\n start_kernel+0x1d2/0x5a8\n startup_continue+0x36/0x40\nKernel panic - not syncing: Fatal exception: panic_on_oops\n\nThis is caused by using large mappings on machines with EDAT1/EDAT2. Add\nthe code to split the mappings into 4k pages if debug pagealloc is enabled\nby CONFIG_DEBUG_PAGEALLOC_ENABLE_DEFAULT or the debug_pagealloc kernel\ncommand line option.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54278",
"url": "https://www.suse.com/security/cve/CVE-2023-54278"
},
{
"category": "external",
"summary": "SUSE Bug 1255911 for CVE-2023-54278",
"url": "https://bugzilla.suse.com/1255911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54278"
},
{
"cve": "CVE-2023-54281",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54281"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: release path before inode lookup during the ino lookup ioctl\n\nDuring the ino lookup ioctl we can end up calling btrfs_iget() to get an\ninode reference while we are holding on a root\u0027s btree. If btrfs_iget()\nneeds to lookup the inode from the root\u0027s btree, because it\u0027s not\ncurrently loaded in memory, then it will need to lock another or the\nsame path in the same root btree. This may result in a deadlock and\ntrigger the following lockdep splat:\n\n WARNING: possible circular locking dependency detected\n 6.5.0-rc7-syzkaller-00004-gf7757129e3de #0 Not tainted\n ------------------------------------------------------\n syz-executor277/5012 is trying to acquire lock:\n ffff88802df41710 (btrfs-tree-01){++++}-{3:3}, at: __btrfs_tree_read_lock+0x2f/0x220 fs/btrfs/locking.c:136\n\n but task is already holding lock:\n ffff88802df418e8 (btrfs-tree-00){++++}-{3:3}, at: __btrfs_tree_read_lock+0x2f/0x220 fs/btrfs/locking.c:136\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #1 (btrfs-tree-00){++++}-{3:3}:\n down_read_nested+0x49/0x2f0 kernel/locking/rwsem.c:1645\n __btrfs_tree_read_lock+0x2f/0x220 fs/btrfs/locking.c:136\n btrfs_search_slot+0x13a4/0x2f80 fs/btrfs/ctree.c:2302\n btrfs_init_root_free_objectid+0x148/0x320 fs/btrfs/disk-io.c:4955\n btrfs_init_fs_root fs/btrfs/disk-io.c:1128 [inline]\n btrfs_get_root_ref+0x5ae/0xae0 fs/btrfs/disk-io.c:1338\n btrfs_get_fs_root fs/btrfs/disk-io.c:1390 [inline]\n open_ctree+0x29c8/0x3030 fs/btrfs/disk-io.c:3494\n btrfs_fill_super+0x1c7/0x2f0 fs/btrfs/super.c:1154\n btrfs_mount_root+0x7e0/0x910 fs/btrfs/super.c:1519\n legacy_get_tree+0xef/0x190 fs/fs_context.c:611\n vfs_get_tree+0x8c/0x270 fs/super.c:1519\n fc_mount fs/namespace.c:1112 [inline]\n vfs_kern_mount+0xbc/0x150 fs/namespace.c:1142\n btrfs_mount+0x39f/0xb50 fs/btrfs/super.c:1579\n legacy_get_tree+0xef/0x190 fs/fs_context.c:611\n vfs_get_tree+0x8c/0x270 fs/super.c:1519\n do_new_mount+0x28f/0xae0 fs/namespace.c:3335\n do_mount fs/namespace.c:3675 [inline]\n __do_sys_mount fs/namespace.c:3884 [inline]\n __se_sys_mount+0x2d9/0x3c0 fs/namespace.c:3861\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n -\u003e #0 (btrfs-tree-01){++++}-{3:3}:\n check_prev_add kernel/locking/lockdep.c:3142 [inline]\n check_prevs_add kernel/locking/lockdep.c:3261 [inline]\n validate_chain kernel/locking/lockdep.c:3876 [inline]\n __lock_acquire+0x39ff/0x7f70 kernel/locking/lockdep.c:5144\n lock_acquire+0x1e3/0x520 kernel/locking/lockdep.c:5761\n down_read_nested+0x49/0x2f0 kernel/locking/rwsem.c:1645\n __btrfs_tree_read_lock+0x2f/0x220 fs/btrfs/locking.c:136\n btrfs_tree_read_lock fs/btrfs/locking.c:142 [inline]\n btrfs_read_lock_root_node+0x292/0x3c0 fs/btrfs/locking.c:281\n btrfs_search_slot_get_root fs/btrfs/ctree.c:1832 [inline]\n btrfs_search_slot+0x4ff/0x2f80 fs/btrfs/ctree.c:2154\n btrfs_lookup_inode+0xdc/0x480 fs/btrfs/inode-item.c:412\n btrfs_read_locked_inode fs/btrfs/inode.c:3892 [inline]\n btrfs_iget_path+0x2d9/0x1520 fs/btrfs/inode.c:5716\n btrfs_search_path_in_tree_user fs/btrfs/ioctl.c:1961 [inline]\n btrfs_ioctl_ino_lookup_user+0x77a/0xf50 fs/btrfs/ioctl.c:2105\n btrfs_ioctl+0xb0b/0xd40 fs/btrfs/ioctl.c:4683\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl+0xf8/0x170 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n other info \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54281",
"url": "https://www.suse.com/security/cve/CVE-2023-54281"
},
{
"category": "external",
"summary": "SUSE Bug 1255820 for CVE-2023-54281",
"url": "https://bugzilla.suse.com/1255820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54281"
},
{
"cve": "CVE-2023-54282",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54282"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tuners: qt1010: replace BUG_ON with a regular error\n\nBUG_ON is unnecessary here, and in addition it confuses smatch.\nReplacing this with an error return help resolve this smatch\nwarning:\n\ndrivers/media/tuners/qt1010.c:350 qt1010_init() error: buffer overflow \u0027i2c_data\u0027 34 \u003c= 34",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54282",
"url": "https://www.suse.com/security/cve/CVE-2023-54282"
},
{
"category": "external",
"summary": "SUSE Bug 1255810 for CVE-2023-54282",
"url": "https://bugzilla.suse.com/1255810"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "low"
}
],
"title": "CVE-2023-54282"
},
{
"cve": "CVE-2023-54283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54283"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Address KCSAN report on bpf_lru_list\n\nKCSAN reported a data-race when accessing node-\u003eref.\nAlthough node-\u003eref does not have to be accurate,\ntake this chance to use a more common READ_ONCE() and WRITE_ONCE()\npattern instead of data_race().\n\nThere is an existing bpf_lru_node_is_ref() and bpf_lru_node_set_ref().\nThis patch also adds bpf_lru_node_clear_ref() to do the\nWRITE_ONCE(node-\u003eref, 0) also.\n\n==================================================================\nBUG: KCSAN: data-race in __bpf_lru_list_rotate / __htab_lru_percpu_map_update_elem\n\nwrite to 0xffff888137038deb of 1 bytes by task 11240 on cpu 1:\n__bpf_lru_node_move kernel/bpf/bpf_lru_list.c:113 [inline]\n__bpf_lru_list_rotate_active kernel/bpf/bpf_lru_list.c:149 [inline]\n__bpf_lru_list_rotate+0x1bf/0x750 kernel/bpf/bpf_lru_list.c:240\nbpf_lru_list_pop_free_to_local kernel/bpf/bpf_lru_list.c:329 [inline]\nbpf_common_lru_pop_free kernel/bpf/bpf_lru_list.c:447 [inline]\nbpf_lru_pop_free+0x638/0xe20 kernel/bpf/bpf_lru_list.c:499\nprealloc_lru_pop kernel/bpf/hashtab.c:290 [inline]\n__htab_lru_percpu_map_update_elem+0xe7/0x820 kernel/bpf/hashtab.c:1316\nbpf_percpu_hash_update+0x5e/0x90 kernel/bpf/hashtab.c:2313\nbpf_map_update_value+0x2a9/0x370 kernel/bpf/syscall.c:200\ngeneric_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1687\nbpf_map_do_batch+0x2d9/0x3d0 kernel/bpf/syscall.c:4534\n__sys_bpf+0x338/0x810\n__do_sys_bpf kernel/bpf/syscall.c:5096 [inline]\n__se_sys_bpf kernel/bpf/syscall.c:5094 [inline]\n__x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5094\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nread to 0xffff888137038deb of 1 bytes by task 11241 on cpu 0:\nbpf_lru_node_set_ref kernel/bpf/bpf_lru_list.h:70 [inline]\n__htab_lru_percpu_map_update_elem+0x2f1/0x820 kernel/bpf/hashtab.c:1332\nbpf_percpu_hash_update+0x5e/0x90 kernel/bpf/hashtab.c:2313\nbpf_map_update_value+0x2a9/0x370 kernel/bpf/syscall.c:200\ngeneric_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1687\nbpf_map_do_batch+0x2d9/0x3d0 kernel/bpf/syscall.c:4534\n__sys_bpf+0x338/0x810\n__do_sys_bpf kernel/bpf/syscall.c:5096 [inline]\n__se_sys_bpf kernel/bpf/syscall.c:5094 [inline]\n__x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5094\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nvalue changed: 0x01 -\u003e 0x00\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 PID: 11241 Comm: syz-executor.3 Not tainted 6.3.0-rc7-syzkaller-00136-g6a66fdd29ea1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023\n==================================================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54283",
"url": "https://www.suse.com/security/cve/CVE-2023-54283"
},
{
"category": "external",
"summary": "SUSE Bug 1255809 for CVE-2023-54283",
"url": "https://bugzilla.suse.com/1255809"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54283"
},
{
"cve": "CVE-2023-54285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: Fix possible overflow condition in iomap_write_delalloc_scan\n\nfolio_next_index() returns an unsigned long value which left shifted\nby PAGE_SHIFT could possibly cause an overflow on 32-bit system. Instead\nuse folio_pos(folio) + folio_size(folio), which does this correctly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54285",
"url": "https://www.suse.com/security/cve/CVE-2023-54285"
},
{
"category": "external",
"summary": "SUSE Bug 1255807 for CVE-2023-54285",
"url": "https://bugzilla.suse.com/1255807"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54285"
},
{
"cve": "CVE-2023-54289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54289"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Fix NULL dereference in error handling\n\nSmatch reported:\n\ndrivers/scsi/qedf/qedf_main.c:3056 qedf_alloc_global_queues()\nwarn: missing unwind goto?\n\nAt this point in the function, nothing has been allocated so we can return\ndirectly. In particular the \"qedf-\u003eglobal_queues\" have not been allocated\nso calling qedf_free_global_queues() will lead to a NULL dereference when\nwe check if (!gl[i]) and \"gl\" is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54289",
"url": "https://www.suse.com/security/cve/CVE-2023-54289"
},
{
"category": "external",
"summary": "SUSE Bug 1255806 for CVE-2023-54289",
"url": "https://bugzilla.suse.com/1255806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54289"
},
{
"cve": "CVE-2023-54291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54291"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvduse: fix NULL pointer dereference\n\nvduse_vdpa_set_vq_affinity callback can be called\nwith NULL value as cpu_mask when deleting the vduse\ndevice.\n\nThis patch resets virtqueue\u0027s IRQ affinity mask value\nto set all CPUs instead of dereferencing NULL cpu_mask.\n\n[ 4760.952149] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 4760.959110] #PF: supervisor read access in kernel mode\n[ 4760.964247] #PF: error_code(0x0000) - not-present page\n[ 4760.969385] PGD 0 P4D 0\n[ 4760.971927] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 4760.976112] CPU: 13 PID: 2346 Comm: vdpa Not tainted 6.4.0-rc6+ #4\n[ 4760.982291] Hardware name: Dell Inc. PowerEdge R640/0W23H8, BIOS 2.8.1 06/26/2020\n[ 4760.989769] RIP: 0010:memcpy_orig+0xc5/0x130\n[ 4760.994049] Code: 16 f8 4c 89 07 4c 89 4f 08 4c 89 54 17 f0 4c 89 5c 17 f8 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 fa 08 72 1b \u003c4c\u003e 8b 06 4c 8b 4c 16 f8 4c 89 07 4c 89 4c 17 f8 c3 cc cc cc cc 66\n[ 4761.012793] RSP: 0018:ffffb1d565abb830 EFLAGS: 00010246\n[ 4761.018020] RAX: ffff9f4bf6b27898 RBX: ffff9f4be23969c0 RCX: ffff9f4bcadf6400\n[ 4761.025152] RDX: 0000000000000008 RSI: 0000000000000000 RDI: ffff9f4bf6b27898\n[ 4761.032286] RBP: 0000000000000000 R08: 0000000000000008 R09: 0000000000000000\n[ 4761.039416] R10: 0000000000000000 R11: 0000000000000600 R12: 0000000000000000\n[ 4761.046549] R13: 0000000000000000 R14: 0000000000000080 R15: ffffb1d565abbb10\n[ 4761.053680] FS: 00007f64c2ec2740(0000) GS:ffff9f635f980000(0000) knlGS:0000000000000000\n[ 4761.061765] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4761.067513] CR2: 0000000000000000 CR3: 0000001875270006 CR4: 00000000007706e0\n[ 4761.074645] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 4761.081775] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 4761.088909] PKRU: 55555554\n[ 4761.091620] Call Trace:\n[ 4761.094074] \u003cTASK\u003e\n[ 4761.096180] ? __die+0x1f/0x70\n[ 4761.099238] ? page_fault_oops+0x171/0x4f0\n[ 4761.103340] ? exc_page_fault+0x7b/0x180\n[ 4761.107265] ? asm_exc_page_fault+0x22/0x30\n[ 4761.111460] ? memcpy_orig+0xc5/0x130\n[ 4761.115126] vduse_vdpa_set_vq_affinity+0x3e/0x50 [vduse]\n[ 4761.120533] virtnet_clean_affinity.part.0+0x3d/0x90 [virtio_net]\n[ 4761.126635] remove_vq_common+0x1a4/0x250 [virtio_net]\n[ 4761.131781] virtnet_remove+0x5d/0x70 [virtio_net]\n[ 4761.136580] virtio_dev_remove+0x3a/0x90\n[ 4761.140509] device_release_driver_internal+0x19b/0x200\n[ 4761.145742] bus_remove_device+0xc2/0x130\n[ 4761.149755] device_del+0x158/0x3e0\n[ 4761.153245] ? kernfs_find_ns+0x35/0xc0\n[ 4761.157086] device_unregister+0x13/0x60\n[ 4761.161010] unregister_virtio_device+0x11/0x20\n[ 4761.165543] device_release_driver_internal+0x19b/0x200\n[ 4761.170770] bus_remove_device+0xc2/0x130\n[ 4761.174782] device_del+0x158/0x3e0\n[ 4761.178276] ? __pfx_vdpa_name_match+0x10/0x10 [vdpa]\n[ 4761.183336] device_unregister+0x13/0x60\n[ 4761.187260] vdpa_nl_cmd_dev_del_set_doit+0x63/0xe0 [vdpa]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54291",
"url": "https://www.suse.com/security/cve/CVE-2023-54291"
},
{
"category": "external",
"summary": "SUSE Bug 1255798 for CVE-2023-54291",
"url": "https://bugzilla.suse.com/1255798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54291"
},
{
"cve": "CVE-2023-54292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix data race on CQP request done\n\nKCSAN detects a data race on cqp_request-\u003erequest_done memory location\nwhich is accessed locklessly in irdma_handle_cqp_op while being\nupdated in irdma_cqp_ce_handler.\n\nAnnotate lockless intent with READ_ONCE/WRITE_ONCE to avoid any\ncompiler optimizations like load fusing and/or KCSAN warning.\n\n[222808.417128] BUG: KCSAN: data-race in irdma_cqp_ce_handler [irdma] / irdma_wait_event [irdma]\n\n[222808.417532] write to 0xffff8e44107019dc of 1 bytes by task 29658 on cpu 5:\n[222808.417610] irdma_cqp_ce_handler+0x21e/0x270 [irdma]\n[222808.417725] cqp_compl_worker+0x1b/0x20 [irdma]\n[222808.417827] process_one_work+0x4d1/0xa40\n[222808.417835] worker_thread+0x319/0x700\n[222808.417842] kthread+0x180/0x1b0\n[222808.417852] ret_from_fork+0x22/0x30\n\n[222808.417918] read to 0xffff8e44107019dc of 1 bytes by task 29688 on cpu 1:\n[222808.417995] irdma_wait_event+0x1e2/0x2c0 [irdma]\n[222808.418099] irdma_handle_cqp_op+0xae/0x170 [irdma]\n[222808.418202] irdma_cqp_cq_destroy_cmd+0x70/0x90 [irdma]\n[222808.418308] irdma_puda_dele_rsrc+0x46d/0x4d0 [irdma]\n[222808.418411] irdma_rt_deinit_hw+0x179/0x1d0 [irdma]\n[222808.418514] irdma_ib_dealloc_device+0x11/0x40 [irdma]\n[222808.418618] ib_dealloc_device+0x2a/0x120 [ib_core]\n[222808.418823] __ib_unregister_device+0xde/0x100 [ib_core]\n[222808.418981] ib_unregister_device+0x22/0x40 [ib_core]\n[222808.419142] irdma_ib_unregister_device+0x70/0x90 [irdma]\n[222808.419248] i40iw_close+0x6f/0xc0 [irdma]\n[222808.419352] i40e_client_device_unregister+0x14a/0x180 [i40e]\n[222808.419450] i40iw_remove+0x21/0x30 [irdma]\n[222808.419554] auxiliary_bus_remove+0x31/0x50\n[222808.419563] device_remove+0x69/0xb0\n[222808.419572] device_release_driver_internal+0x293/0x360\n[222808.419582] driver_detach+0x7c/0xf0\n[222808.419592] bus_remove_driver+0x8c/0x150\n[222808.419600] driver_unregister+0x45/0x70\n[222808.419610] auxiliary_driver_unregister+0x16/0x30\n[222808.419618] irdma_exit_module+0x18/0x1e [irdma]\n[222808.419733] __do_sys_delete_module.constprop.0+0x1e2/0x310\n[222808.419745] __x64_sys_delete_module+0x1b/0x30\n[222808.419755] do_syscall_64+0x39/0x90\n[222808.419763] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n[222808.419829] value changed: 0x01 -\u003e 0x03",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54292",
"url": "https://www.suse.com/security/cve/CVE-2023-54292"
},
{
"category": "external",
"summary": "SUSE Bug 1255800 for CVE-2023-54292",
"url": "https://bugzilla.suse.com/1255800"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54292"
},
{
"cve": "CVE-2023-54293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54293"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: fixup btree_cache_wait list damage\n\nWe get a kernel crash about \"list_add corruption. next-\u003eprev should be\nprev (ffff9c801bc01210), but was ffff9c77b688237c.\n(next=ffffae586d8afe68).\"\n\ncrash\u003e struct list_head 0xffff9c801bc01210\nstruct list_head {\n next = 0xffffae586d8afe68,\n prev = 0xffffae586d8afe68\n}\ncrash\u003e struct list_head 0xffff9c77b688237c\nstruct list_head {\n next = 0x0,\n prev = 0x0\n}\ncrash\u003e struct list_head 0xffffae586d8afe68\nstruct list_head struct: invalid kernel virtual address: ffffae586d8afe68 type: \"gdb_readmem_callback\"\nCannot access memory at address 0xffffae586d8afe68\n\n[230469.019492] Call Trace:\n[230469.032041] prepare_to_wait+0x8a/0xb0\n[230469.044363] ? bch_btree_keys_free+0x6c/0xc0 [escache]\n[230469.056533] mca_cannibalize_lock+0x72/0x90 [escache]\n[230469.068788] mca_alloc+0x2ae/0x450 [escache]\n[230469.080790] bch_btree_node_get+0x136/0x2d0 [escache]\n[230469.092681] bch_btree_check_thread+0x1e1/0x260 [escache]\n[230469.104382] ? finish_wait+0x80/0x80\n[230469.115884] ? bch_btree_check_recurse+0x1a0/0x1a0 [escache]\n[230469.127259] kthread+0x112/0x130\n[230469.138448] ? kthread_flush_work_fn+0x10/0x10\n[230469.149477] ret_from_fork+0x35/0x40\n\nbch_btree_check_thread() and bch_dirty_init_thread() may call\nmca_cannibalize() to cannibalize other cached btree nodes. Only one thread\ncan do it at a time, so the op of other threads will be added to the\nbtree_cache_wait list.\n\nWe must call finish_wait() to remove op from btree_cache_wait before free\nit\u0027s memory address. Otherwise, the list will be damaged. Also should call\nbch_cannibalize_unlock() to release the btree_cache_alloc_lock and wake_up\nother waiters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54293",
"url": "https://www.suse.com/security/cve/CVE-2023-54293"
},
{
"category": "external",
"summary": "SUSE Bug 1255801 for CVE-2023-54293",
"url": "https://bugzilla.suse.com/1255801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54293"
},
{
"cve": "CVE-2023-54296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54296"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration\n\nFix a goof where KVM tries to grab source vCPUs from the destination VM\nwhen doing intrahost migration. Grabbing the wrong vCPU not only hoses\nthe guest, it also crashes the host due to the VMSA pointer being left\nNULL.\n\n BUG: unable to handle page fault for address: ffffe38687000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP NOPTI\n CPU: 39 PID: 17143 Comm: sev_migrate_tes Tainted: GO 6.5.0-smp--fff2e47e6c3b-next #151\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 34.28.0 07/10/2023\n RIP: 0010:__free_pages+0x15/0xd0\n RSP: 0018:ffff923fcf6e3c78 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffffe38687000000 RCX: 0000000000000100\n RDX: 0000000000000100 RSI: 0000000000000000 RDI: ffffe38687000000\n RBP: ffff923fcf6e3c88 R08: ffff923fcafb0000 R09: 0000000000000000\n R10: 0000000000000000 R11: ffffffff83619b90 R12: ffff923fa9540000\n R13: 0000000000080007 R14: ffff923f6d35d000 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff929d0d7c0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffe38687000000 CR3: 0000005224c34005 CR4: 0000000000770ee0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n sev_free_vcpu+0xcb/0x110 [kvm_amd]\n svm_vcpu_free+0x75/0xf0 [kvm_amd]\n kvm_arch_vcpu_destroy+0x36/0x140 [kvm]\n kvm_destroy_vcpus+0x67/0x100 [kvm]\n kvm_arch_destroy_vm+0x161/0x1d0 [kvm]\n kvm_put_kvm+0x276/0x560 [kvm]\n kvm_vm_release+0x25/0x30 [kvm]\n __fput+0x106/0x280\n ____fput+0x12/0x20\n task_work_run+0x86/0xb0\n do_exit+0x2e3/0x9c0\n do_group_exit+0xb1/0xc0\n __x64_sys_exit_group+0x1b/0x20\n do_syscall_64+0x41/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n \u003c/TASK\u003e\n CR2: ffffe38687000000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54296",
"url": "https://www.suse.com/security/cve/CVE-2023-54296"
},
{
"category": "external",
"summary": "SUSE Bug 1255793 for CVE-2023-54296",
"url": "https://bugzilla.suse.com/1255793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54296"
},
{
"cve": "CVE-2023-54297",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54297"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: fix memory leak after finding block group with super blocks\n\nAt exclude_super_stripes(), if we happen to find a block group that has\nsuper blocks mapped to it and we are on a zoned filesystem, we error out\nas this is not supposed to happen, indicating either a bug or maybe some\nmemory corruption for example. However we are exiting the function without\nfreeing the memory allocated for the logical address of the super blocks.\nFix this by freeing the logical address.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54297",
"url": "https://www.suse.com/security/cve/CVE-2023-54297"
},
{
"category": "external",
"summary": "SUSE Bug 1255795 for CVE-2023-54297",
"url": "https://bugzilla.suse.com/1255795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54297"
},
{
"cve": "CVE-2023-54299",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54299"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: bus: verify partner exists in typec_altmode_attention\n\nSome usb hubs will negotiate DisplayPort Alt mode with the device\nbut will then negotiate a data role swap after entering the alt\nmode. The data role swap causes the device to unregister all alt\nmodes, however the usb hub will still send Attention messages\neven after failing to reregister the Alt Mode. type_altmode_attention\ncurrently does not verify whether or not a device\u0027s altmode partner\nexists, which results in a NULL pointer error when dereferencing\nthe typec_altmode and typec_altmode_ops belonging to the altmode\npartner.\n\nVerify the presence of a device\u0027s altmode partner before sending\nthe Attention message to the Alt Mode driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54299",
"url": "https://www.suse.com/security/cve/CVE-2023-54299"
},
{
"category": "external",
"summary": "SUSE Bug 1255789 for CVE-2023-54299",
"url": "https://bugzilla.suse.com/1255789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54299"
},
{
"cve": "CVE-2023-54300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx\n\nFor the reasons also described in commit b383e8abed41 (\"wifi: ath9k: avoid\nuninit memory read in ath9k_htc_rx_msg()\"), ath9k_htc_rx_msg() should\nvalidate pkt_len before accessing the SKB.\n\nFor example, the obtained SKB may have been badly constructed with\npkt_len = 8. In this case, the SKB can only contain a valid htc_frame_hdr\nbut after being processed in ath9k_htc_rx_msg() and passed to\nath9k_wmi_ctrl_rx() endpoint RX handler, it is expected to have a WMI\ncommand header which should be located inside its data payload.\n\nImplement sanity checking inside ath9k_wmi_ctrl_rx(). Otherwise, uninit\nmemory can be referenced.\n\nTested on Qualcomm Atheros Communications AR9271 802.11n .\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54300",
"url": "https://www.suse.com/security/cve/CVE-2023-54300"
},
{
"category": "external",
"summary": "SUSE Bug 1255790 for CVE-2023-54300",
"url": "https://bugzilla.suse.com/1255790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54300"
},
{
"cve": "CVE-2023-54302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix data race on CQP completion stats\n\nCQP completion statistics is read lockesly in irdma_wait_event and\nirdma_check_cqp_progress while it can be updated in the completion\nthread irdma_sc_ccq_get_cqe_info on another CPU as KCSAN reports.\n\nMake completion statistics an atomic variable to reflect coherent updates\nto it. This will also avoid load/store tearing logic bug potentially\npossible by compiler optimizations.\n\n[77346.170861] BUG: KCSAN: data-race in irdma_handle_cqp_op [irdma] / irdma_sc_ccq_get_cqe_info [irdma]\n\n[77346.171383] write to 0xffff8a3250b108e0 of 8 bytes by task 9544 on cpu 4:\n[77346.171483] irdma_sc_ccq_get_cqe_info+0x27a/0x370 [irdma]\n[77346.171658] irdma_cqp_ce_handler+0x164/0x270 [irdma]\n[77346.171835] cqp_compl_worker+0x1b/0x20 [irdma]\n[77346.172009] process_one_work+0x4d1/0xa40\n[77346.172024] worker_thread+0x319/0x700\n[77346.172037] kthread+0x180/0x1b0\n[77346.172054] ret_from_fork+0x22/0x30\n\n[77346.172136] read to 0xffff8a3250b108e0 of 8 bytes by task 9838 on cpu 2:\n[77346.172234] irdma_handle_cqp_op+0xf4/0x4b0 [irdma]\n[77346.172413] irdma_cqp_aeq_cmd+0x75/0xa0 [irdma]\n[77346.172592] irdma_create_aeq+0x390/0x45a [irdma]\n[77346.172769] irdma_rt_init_hw.cold+0x212/0x85d [irdma]\n[77346.172944] irdma_probe+0x54f/0x620 [irdma]\n[77346.173122] auxiliary_bus_probe+0x66/0xa0\n[77346.173137] really_probe+0x140/0x540\n[77346.173154] __driver_probe_device+0xc7/0x220\n[77346.173173] driver_probe_device+0x5f/0x140\n[77346.173190] __driver_attach+0xf0/0x2c0\n[77346.173208] bus_for_each_dev+0xa8/0xf0\n[77346.173225] driver_attach+0x29/0x30\n[77346.173240] bus_add_driver+0x29c/0x2f0\n[77346.173255] driver_register+0x10f/0x1a0\n[77346.173272] __auxiliary_driver_register+0xbc/0x140\n[77346.173287] irdma_init_module+0x55/0x1000 [irdma]\n[77346.173460] do_one_initcall+0x7d/0x410\n[77346.173475] do_init_module+0x81/0x2c0\n[77346.173491] load_module+0x1232/0x12c0\n[77346.173506] __do_sys_finit_module+0x101/0x180\n[77346.173522] __x64_sys_finit_module+0x3c/0x50\n[77346.173538] do_syscall_64+0x39/0x90\n[77346.173553] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n[77346.173634] value changed: 0x0000000000000094 -\u003e 0x0000000000000095",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54302",
"url": "https://www.suse.com/security/cve/CVE-2023-54302"
},
{
"category": "external",
"summary": "SUSE Bug 1255792 for CVE-2023-54302",
"url": "https://bugzilla.suse.com/1255792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54302"
},
{
"cve": "CVE-2023-54303",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54303"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Disable preemption in bpf_perf_event_output\n\nThe nesting protection in bpf_perf_event_output relies on disabled\npreemption, which is guaranteed for kprobes and tracepoints.\n\nHowever bpf_perf_event_output can be also called from uprobes context\nthrough bpf_prog_run_array_sleepable function which disables migration,\nbut keeps preemption enabled.\n\nThis can cause task to be preempted by another one inside the nesting\nprotection and lead eventually to two tasks using same perf_sample_data\nbuffer and cause crashes like:\n\n kernel tried to execute NX-protected page - exploit attempt? (uid: 0)\n BUG: unable to handle page fault for address: ffffffff82be3eea\n ...\n Call Trace:\n ? __die+0x1f/0x70\n ? page_fault_oops+0x176/0x4d0\n ? exc_page_fault+0x132/0x230\n ? asm_exc_page_fault+0x22/0x30\n ? perf_output_sample+0x12b/0x910\n ? perf_event_output+0xd0/0x1d0\n ? bpf_perf_event_output+0x162/0x1d0\n ? bpf_prog_c6271286d9a4c938_krava1+0x76/0x87\n ? __uprobe_perf_func+0x12b/0x540\n ? uprobe_dispatcher+0x2c4/0x430\n ? uprobe_notify_resume+0x2da/0xce0\n ? atomic_notifier_call_chain+0x7b/0x110\n ? exit_to_user_mode_prepare+0x13e/0x290\n ? irqentry_exit_to_user_mode+0x5/0x30\n ? asm_exc_int3+0x35/0x40\n\nFixing this by disabling preemption in bpf_perf_event_output.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54303",
"url": "https://www.suse.com/security/cve/CVE-2023-54303"
},
{
"category": "external",
"summary": "SUSE Bug 1255785 for CVE-2023-54303",
"url": "https://bugzilla.suse.com/1255785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54303"
},
{
"cve": "CVE-2023-54304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: meson_sm: fix to avoid potential NULL pointer dereference\n\nof_match_device() may fail and returns a NULL pointer.\n\nFix this by checking the return value of of_match_device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54304",
"url": "https://www.suse.com/security/cve/CVE-2023-54304"
},
{
"category": "external",
"summary": "SUSE Bug 1255786 for CVE-2023-54304",
"url": "https://bugzilla.suse.com/1255786"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54304"
},
{
"cve": "CVE-2023-54309",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54309"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation\n\n/dev/vtpmx is made visible before \u0027workqueue\u0027 is initialized, which can\nlead to a memory corruption in the worst case scenario.\n\nAddress this by initializing \u0027workqueue\u0027 as the very first step of the\ndriver initialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54309",
"url": "https://www.suse.com/security/cve/CVE-2023-54309"
},
{
"category": "external",
"summary": "SUSE Bug 1255780 for CVE-2023-54309",
"url": "https://bugzilla.suse.com/1255780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54309"
},
{
"cve": "CVE-2023-54312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54312"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsamples/bpf: Fix buffer overflow in tcp_basertt\n\nUsing sizeof(nv) or strlen(nv)+1 is correct.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54312",
"url": "https://www.suse.com/security/cve/CVE-2023-54312"
},
{
"category": "external",
"summary": "SUSE Bug 1255774 for CVE-2023-54312",
"url": "https://bugzilla.suse.com/1255774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54312"
},
{
"cve": "CVE-2023-54313",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54313"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix null pointer dereference in ovl_get_acl_rcu()\n\nFollowing process:\n P1 P2\n path_openat\n link_path_walk\n may_lookup\n inode_permission(rcu)\n ovl_permission\n acl_permission_check\n check_acl\n get_cached_acl_rcu\n\t ovl_get_inode_acl\n\t realinode = ovl_inode_real(ovl_inode)\n\t drop_cache\n\t\t __dentry_kill(ovl_dentry)\n\t\t\t\tiput(ovl_inode)\n\t\t ovl_destroy_inode(ovl_inode)\n\t\t dput(oi-\u003e__upperdentry)\n\t\t dentry_kill(upperdentry)\n\t\t dentry_unlink_inode\n\t\t\t\t upperdentry-\u003ed_inode = NULL\n\t ovl_inode_upper\n\t upperdentry = ovl_i_dentry_upper(ovl_inode)\n\t d_inode(upperdentry) // returns NULL\n\t IS_POSIXACL(realinode) // NULL pointer dereference\n, will trigger an null pointer dereference at realinode:\n [ 205.472797] BUG: kernel NULL pointer dereference, address:\n 0000000000000028\n [ 205.476701] CPU: 2 PID: 2713 Comm: ls Not tainted\n 6.3.0-12064-g2edfa098e750-dirty #1216\n [ 205.478754] RIP: 0010:do_ovl_get_acl+0x5d/0x300\n [ 205.489584] Call Trace:\n [ 205.489812] \u003cTASK\u003e\n [ 205.490014] ovl_get_inode_acl+0x26/0x30\n [ 205.490466] get_cached_acl_rcu+0x61/0xa0\n [ 205.490908] generic_permission+0x1bf/0x4e0\n [ 205.491447] ovl_permission+0x79/0x1b0\n [ 205.491917] inode_permission+0x15e/0x2c0\n [ 205.492425] link_path_walk+0x115/0x550\n [ 205.493311] path_lookupat.isra.0+0xb2/0x200\n [ 205.493803] filename_lookup+0xda/0x240\n [ 205.495747] vfs_fstatat+0x7b/0xb0\n\nFetch a reproducer in [Link].\n\nUse the helper ovl_i_path_realinode() to get realinode and then do\nnon-nullptr checking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54313",
"url": "https://www.suse.com/security/cve/CVE-2023-54313"
},
{
"category": "external",
"summary": "SUSE Bug 1255775 for CVE-2023-54313",
"url": "https://bugzilla.suse.com/1255775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54313"
},
{
"cve": "CVE-2023-54314",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54314"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: af9005: Fix null-ptr-deref in af9005_i2c_xfer\n\nIn af9005_i2c_xfer, msg is controlled by user. When msg[i].buf\nis null and msg[i].len is zero, former checks on msg[i].buf would be\npassed. Malicious data finally reach af9005_i2c_xfer. If accessing\nmsg[i].buf[0] without sanity check, null ptr deref would happen.\nWe add check on msg[i].len to prevent crash.\n\nSimilar commit:\ncommit 0ed554fd769a\n(\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54314",
"url": "https://www.suse.com/security/cve/CVE-2023-54314"
},
{
"category": "external",
"summary": "SUSE Bug 1255776 for CVE-2023-54314",
"url": "https://bugzilla.suse.com/1255776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54314"
},
{
"cve": "CVE-2023-54315",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54315"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/powernv/sriov: perform null check on iov before dereferencing iov\n\nCurrently pointer iov is being dereferenced before the null check of iov\nwhich can lead to null pointer dereference errors. Fix this by moving the\niov null check before the dereferencing.\n\nDetected using cppcheck static analysis:\nlinux/arch/powerpc/platforms/powernv/pci-sriov.c:597:12: warning: Either\nthe condition \u0027!iov\u0027 is redundant or there is possible null pointer\ndereference: iov. [nullPointerRedundantCheck]\n num_vfs = iov-\u003enum_vfs;\n ^",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54315",
"url": "https://www.suse.com/security/cve/CVE-2023-54315"
},
{
"category": "external",
"summary": "SUSE Bug 1255769 for CVE-2023-54315",
"url": "https://bugzilla.suse.com/1255769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54315"
},
{
"cve": "CVE-2023-54316",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54316"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrefscale: Fix uninitalized use of wait_queue_head_t\n\nRunning the refscale test occasionally crashes the kernel with the\nfollowing error:\n\n[ 8569.952896] BUG: unable to handle page fault for address: ffffffffffffffe8\n[ 8569.952900] #PF: supervisor read access in kernel mode\n[ 8569.952902] #PF: error_code(0x0000) - not-present page\n[ 8569.952904] PGD c4b048067 P4D c4b049067 PUD c4b04b067 PMD 0\n[ 8569.952910] Oops: 0000 [#1] PREEMPT_RT SMP NOPTI\n[ 8569.952916] Hardware name: Dell Inc. PowerEdge R750/0WMWCR, BIOS 1.2.4 05/28/2021\n[ 8569.952917] RIP: 0010:prepare_to_wait_event+0x101/0x190\n :\n[ 8569.952940] Call Trace:\n[ 8569.952941] \u003cTASK\u003e\n[ 8569.952944] ref_scale_reader+0x380/0x4a0 [refscale]\n[ 8569.952959] kthread+0x10e/0x130\n[ 8569.952966] ret_from_fork+0x1f/0x30\n[ 8569.952973] \u003c/TASK\u003e\n\nThe likely cause is that init_waitqueue_head() is called after the call to\nthe torture_create_kthread() function that creates the ref_scale_reader\nkthread. Although this init_waitqueue_head() call will very likely\ncomplete before this kthread is created and starts running, it is\npossible that the calling kthread will be delayed between the calls to\ntorture_create_kthread() and init_waitqueue_head(). In this case, the\nnew kthread will use the waitqueue head before it is properly initialized,\nwhich is not good for the kernel\u0027s health and well-being.\n\nThe above crash happened here:\n\n\tstatic inline void __add_wait_queue(...)\n\t{\n\t\t:\n\t\tif (!(wq-\u003eflags \u0026 WQ_FLAG_PRIORITY)) \u003c=== Crash here\n\nThe offset of flags from list_head entry in wait_queue_entry is\n-0x18. If reader_tasks[i].wq.head.next is NULL as allocated reader_task\nstructure is zero initialized, the instruction will try to access address\n0xffffffffffffffe8, which is exactly the fault address listed above.\n\nThis commit therefore invokes init_waitqueue_head() before creating\nthe kthread.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54316",
"url": "https://www.suse.com/security/cve/CVE-2023-54316"
},
{
"category": "external",
"summary": "SUSE Bug 1255770 for CVE-2023-54316",
"url": "https://bugzilla.suse.com/1255770"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54316"
},
{
"cve": "CVE-2023-54318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54318"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add\n\nWhile doing smcr_port_add, there maybe linkgroup add into or delete\nfrom smc_lgr_list.list at the same time, which may result kernel crash.\nSo, use smc_lgr_list.lock to protect smc_lgr_list.list iterate in\nsmcr_port_add.\n\nThe crash calltrace show below:\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0000 [#1] SMP NOPTI\nCPU: 0 PID: 559726 Comm: kworker/0:92 Kdump: loaded Tainted: G\nHardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 449e491 04/01/2014\nWorkqueue: events smc_ib_port_event_work [smc]\nRIP: 0010:smcr_port_add+0xa6/0xf0 [smc]\nRSP: 0000:ffffa5a2c8f67de0 EFLAGS: 00010297\nRAX: 0000000000000001 RBX: ffff9935e0650000 RCX: 0000000000000000\nRDX: 0000000000000010 RSI: ffff9935e0654290 RDI: ffff9935c8560000\nRBP: 0000000000000000 R08: 0000000000000000 R09: ffff9934c0401918\nR10: 0000000000000000 R11: ffffffffb4a5c278 R12: ffff99364029aae4\nR13: ffff99364029aa00 R14: 00000000ffffffed R15: ffff99364029ab08\nFS: 0000000000000000(0000) GS:ffff994380600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 0000000f06a10003 CR4: 0000000002770ef0\nPKRU: 55555554\nCall Trace:\n smc_ib_port_event_work+0x18f/0x380 [smc]\n process_one_work+0x19b/0x340\n worker_thread+0x30/0x370\n ? process_one_work+0x340/0x340\n kthread+0x114/0x130\n ? __kthread_cancel_work+0x50/0x50\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54318",
"url": "https://www.suse.com/security/cve/CVE-2023-54318"
},
{
"category": "external",
"summary": "SUSE Bug 1255772 for CVE-2023-54318",
"url": "https://bugzilla.suse.com/1255772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54318"
},
{
"cve": "CVE-2023-54319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54319"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: at91-pio4: check return value of devm_kasprintf()\n\ndevm_kasprintf() returns a pointer to dynamically allocated memory.\nPointer could be NULL in case allocation fails. Check pointer validity.\nIdentified with coccinelle (kmerr.cocci script).\n\nDepends-on: 1c4e5c470a56 (\"pinctrl: at91: use devm_kasprintf() to avoid potential leaks\")\nDepends-on: 5a8f9cf269e8 (\"pinctrl: at91-pio4: use proper format specifier for unsigned int\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54319",
"url": "https://www.suse.com/security/cve/CVE-2023-54319"
},
{
"category": "external",
"summary": "SUSE Bug 1255760 for CVE-2023-54319",
"url": "https://bugzilla.suse.com/1255760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54319"
},
{
"cve": "CVE-2023-54322",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54322"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: set __exception_irq_entry with __irq_entry as a default\n\nfilter_irq_stacks() is supposed to cut entries which are related irq entries\nfrom its call stack.\nAnd in_irqentry_text() which is called by filter_irq_stacks()\nuses __irqentry_text_start/end symbol to find irq entries in callstack.\n\nBut it doesn\u0027t work correctly as without \"CONFIG_FUNCTION_GRAPH_TRACER\",\narm64 kernel doesn\u0027t include gic_handle_irq which is entry point of arm64 irq\nbetween __irqentry_text_start and __irqentry_text_end as we discussed in below link.\nhttps://lore.kernel.org/all/CACT4Y+aReMGLYua2rCLHgFpS9io5cZC04Q8GLs-uNmrn1ezxYQ@mail.gmail.com/#t\n\nThis problem can makes unintentional deep call stack entries especially\nin KASAN enabled situation as below.\n\n[ 2479.383395]I[0:launcher-loader: 1719] Stack depot reached limit capacity\n[ 2479.383538]I[0:launcher-loader: 1719] WARNING: CPU: 0 PID: 1719 at lib/stackdepot.c:129 __stack_depot_save+0x464/0x46c\n[ 2479.385693]I[0:launcher-loader: 1719] pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)\n[ 2479.385724]I[0:launcher-loader: 1719] pc : __stack_depot_save+0x464/0x46c\n[ 2479.385751]I[0:launcher-loader: 1719] lr : __stack_depot_save+0x460/0x46c\n[ 2479.385774]I[0:launcher-loader: 1719] sp : ffffffc0080073c0\n[ 2479.385793]I[0:launcher-loader: 1719] x29: ffffffc0080073e0 x28: ffffffd00b78a000 x27: 0000000000000000\n[ 2479.385839]I[0:launcher-loader: 1719] x26: 000000000004d1dd x25: ffffff891474f000 x24: 00000000ca64d1dd\n[ 2479.385882]I[0:launcher-loader: 1719] x23: 0000000000000200 x22: 0000000000000220 x21: 0000000000000040\n[ 2479.385925]I[0:launcher-loader: 1719] x20: ffffffc008007440 x19: 0000000000000000 x18: 0000000000000000\n[ 2479.385969]I[0:launcher-loader: 1719] x17: 2065726568207475 x16: 000000000000005e x15: 2d2d2d2d2d2d2d20\n[ 2479.386013]I[0:launcher-loader: 1719] x14: 5d39313731203a72 x13: 00000000002f6b30 x12: 00000000002f6af8\n[ 2479.386057]I[0:launcher-loader: 1719] x11: 00000000ffffffff x10: ffffffb90aacf000 x9 : e8a74a6c16008800\n[ 2479.386101]I[0:launcher-loader: 1719] x8 : e8a74a6c16008800 x7 : 00000000002f6b30 x6 : 00000000002f6af8\n[ 2479.386145]I[0:launcher-loader: 1719] x5 : ffffffc0080070c8 x4 : ffffffd00b192380 x3 : ffffffd0092b313c\n[ 2479.386189]I[0:launcher-loader: 1719] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000022\n[ 2479.386231]I[0:launcher-loader: 1719] Call trace:\n[ 2479.386248]I[0:launcher-loader: 1719] __stack_depot_save+0x464/0x46c\n[ 2479.386273]I[0:launcher-loader: 1719] kasan_save_stack+0x58/0x70\n[ 2479.386303]I[0:launcher-loader: 1719] save_stack_info+0x34/0x138\n[ 2479.386331]I[0:launcher-loader: 1719] kasan_save_free_info+0x18/0x24\n[ 2479.386358]I[0:launcher-loader: 1719] ____kasan_slab_free+0x16c/0x170\n[ 2479.386385]I[0:launcher-loader: 1719] __kasan_slab_free+0x10/0x20\n[ 2479.386410]I[0:launcher-loader: 1719] kmem_cache_free+0x238/0x53c\n[ 2479.386435]I[0:launcher-loader: 1719] mempool_free_slab+0x1c/0x28\n[ 2479.386460]I[0:launcher-loader: 1719] mempool_free+0x7c/0x1a0\n[ 2479.386484]I[0:launcher-loader: 1719] bvec_free+0x34/0x80\n[ 2479.386514]I[0:launcher-loader: 1719] bio_free+0x60/0x98\n[ 2479.386540]I[0:launcher-loader: 1719] bio_put+0x50/0x21c\n[ 2479.386567]I[0:launcher-loader: 1719] f2fs_write_end_io+0x4ac/0x4d0\n[ 2479.386594]I[0:launcher-loader: 1719] bio_endio+0x2dc/0x300\n[ 2479.386622]I[0:launcher-loader: 1719] __dm_io_complete+0x324/0x37c\n[ 2479.386650]I[0:launcher-loader: 1719] dm_io_dec_pending+0x60/0xa4\n[ 2479.386676]I[0:launcher-loader: 1719] clone_endio+0xf8/0x2f0\n[ 2479.386700]I[0:launcher-loader: 1719] bio_endio+0x2dc/0x300\n[ 2479.386727]I[0:launcher-loader: 1719] blk_update_request+0x258/0x63c\n[ 2479.386754]I[0:launcher-loader: 1719] scsi_end_request+0x50/0x304\n[ 2479.386782]I[0:launcher-loader: 1719] scsi_io_completion+0x88/0x160\n[ 2479.386808]I[0:launcher-loader: 1719] scsi_finish_command+0x17c/0x194\n[ 2479.386833]I\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54322",
"url": "https://www.suse.com/security/cve/CVE-2023-54322"
},
{
"category": "external",
"summary": "SUSE Bug 1255763 for CVE-2023-54322",
"url": "https://bugzilla.suse.com/1255763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "low"
}
],
"title": "CVE-2023-54322"
},
{
"cve": "CVE-2023-54324",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54324"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix a race condition in retrieve_deps\n\nThere\u0027s a race condition in the multipath target when retrieve_deps\nraces with multipath_message calling dm_get_device and dm_put_device.\nretrieve_deps walks the list of open devices without holding any lock\nbut multipath may add or remove devices to the list while it is\nrunning. The end result may be memory corruption or use-after-free\nmemory access.\n\nSee this description of a UAF with multipath_message():\nhttps://listman.redhat.com/archives/dm-devel/2022-October/052373.html\n\nFix this bug by introducing a new rw semaphore \"devices_lock\". We grab\ndevices_lock for read in retrieve_deps and we grab it for write in\ndm_get_device and dm_put_device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54324",
"url": "https://www.suse.com/security/cve/CVE-2023-54324"
},
{
"category": "external",
"summary": "SUSE Bug 1255759 for CVE-2023-54324",
"url": "https://bugzilla.suse.com/1255759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54324"
},
{
"cve": "CVE-2023-54326",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54326"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: pci_endpoint_test: Free IRQs before removing the device\n\nIn pci_endpoint_test_remove(), freeing the IRQs after removing the device\ncreates a small race window for IRQs to be received with the test device\nmemory already released, causing the IRQ handler to access invalid memory,\nresulting in an oops.\n\nFree the device IRQs before removing the device to avoid this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54326",
"url": "https://www.suse.com/security/cve/CVE-2023-54326"
},
{
"category": "external",
"summary": "SUSE Bug 1255758 for CVE-2023-54326",
"url": "https://bugzilla.suse.com/1255758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-54326"
},
{
"cve": "CVE-2024-26944",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26944"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: fix use-after-free in do_zone_finish()\n\nShinichiro reported the following use-after-free triggered by the device\nreplace operation in fstests btrfs/070.\n\n BTRFS info (device nullb1): scrub: finished on devid 1 with status: 0\n ==================================================================\n BUG: KASAN: slab-use-after-free in do_zone_finish+0x91a/0xb90 [btrfs]\n Read of size 8 at addr ffff8881543c8060 by task btrfs-cleaner/3494007\n\n CPU: 0 PID: 3494007 Comm: btrfs-cleaner Tainted: G W 6.8.0-rc5-kts #1\n Hardware name: Supermicro Super Server/X11SPi-TF, BIOS 3.3 02/21/2020\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5b/0x90\n print_report+0xcf/0x670\n ? __virt_addr_valid+0x200/0x3e0\n kasan_report+0xd8/0x110\n ? do_zone_finish+0x91a/0xb90 [btrfs]\n ? do_zone_finish+0x91a/0xb90 [btrfs]\n do_zone_finish+0x91a/0xb90 [btrfs]\n btrfs_delete_unused_bgs+0x5e1/0x1750 [btrfs]\n ? __pfx_btrfs_delete_unused_bgs+0x10/0x10 [btrfs]\n ? btrfs_put_root+0x2d/0x220 [btrfs]\n ? btrfs_clean_one_deleted_snapshot+0x299/0x430 [btrfs]\n cleaner_kthread+0x21e/0x380 [btrfs]\n ? __pfx_cleaner_kthread+0x10/0x10 [btrfs]\n kthread+0x2e3/0x3c0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\n Allocated by task 3493983:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n btrfs_alloc_device+0xb3/0x4e0 [btrfs]\n device_list_add.constprop.0+0x993/0x1630 [btrfs]\n btrfs_scan_one_device+0x219/0x3d0 [btrfs]\n btrfs_control_ioctl+0x26e/0x310 [btrfs]\n __x64_sys_ioctl+0x134/0x1b0\n do_syscall_64+0x99/0x190\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\n Freed by task 3494056:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3f/0x60\n poison_slab_object+0x102/0x170\n __kasan_slab_free+0x32/0x70\n kfree+0x11b/0x320\n btrfs_rm_dev_replace_free_srcdev+0xca/0x280 [btrfs]\n btrfs_dev_replace_finishing+0xd7e/0x14f0 [btrfs]\n btrfs_dev_replace_by_ioctl+0x1286/0x25a0 [btrfs]\n btrfs_ioctl+0xb27/0x57d0 [btrfs]\n __x64_sys_ioctl+0x134/0x1b0\n do_syscall_64+0x99/0x190\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\n The buggy address belongs to the object at ffff8881543c8000\n which belongs to the cache kmalloc-1k of size 1024\n The buggy address is located 96 bytes inside of\n freed 1024-byte region [ffff8881543c8000, ffff8881543c8400)\n\n The buggy address belongs to the physical page:\n page:00000000fe2c1285 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1543c8\n head:00000000fe2c1285 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0\n flags: 0x17ffffc0000840(slab|head|node=0|zone=2|lastcpupid=0x1fffff)\n page_type: 0xffffffff()\n raw: 0017ffffc0000840 ffff888100042dc0 ffffea0019e8f200 dead000000000002\n raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff8881543c7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff8881543c7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n \u003effff8881543c8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff8881543c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8881543c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n\nThis UAF happens because we\u0027re accessing stale zone information of a\nalready removed btrfs_device in do_zone_finish().\n\nThe sequence of events is as follows:\n\nbtrfs_dev_replace_start\n btrfs_scrub_dev\n btrfs_dev_replace_finishing\n btrfs_dev_replace_update_device_in_mapping_tree \u003c-- devices replaced\n btrfs_rm_dev_replace_free_srcdev\n btrfs_free_device \u003c-- device freed\n\ncleaner_kthread\n btrfs_delete_unused_bgs\n btrfs_zone_finish\n do_zone_finish \u003c-- refers the freed device\n\nThe reason for this is that we\u0027re using a\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26944",
"url": "https://www.suse.com/security/cve/CVE-2024-26944"
},
{
"category": "external",
"summary": "SUSE Bug 1223731 for CVE-2024-26944",
"url": "https://bugzilla.suse.com/1223731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2024-26944"
},
{
"cve": "CVE-2025-38321",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38321"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Log an error when close_all_cached_dirs fails\n\nUnder low-memory conditions, close_all_cached_dirs() can\u0027t move the\ndentries to a separate list to dput() them once the locks are dropped.\nThis will result in a \"Dentry still in use\" error, so add an error\nmessage that makes it clear this is what happened:\n\n[ 495.281119] CIFS: VFS: \\\\otters.example.com\\share Out of memory while dropping dentries\n[ 495.281595] ------------[ cut here ]------------\n[ 495.281887] BUG: Dentry ffff888115531138{i=78,n=/} still in use (2) [unmount of cifs cifs]\n[ 495.282391] WARNING: CPU: 1 PID: 2329 at fs/dcache.c:1536 umount_check+0xc8/0xf0\n\nAlso, bail out of looping through all tcons as soon as a single\nallocation fails, since we\u0027re already in trouble, and kmalloc() attempts\nfor subseqeuent tcons are likely to fail just like the first one did.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38321",
"url": "https://www.suse.com/security/cve/CVE-2025-38321"
},
{
"category": "external",
"summary": "SUSE Bug 1246328 for CVE-2025-38321",
"url": "https://bugzilla.suse.com/1246328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38321"
},
{
"cve": "CVE-2025-38728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: fix for slab out of bounds on mount to ksmbd\n\nWith KASAN enabled, it is possible to get a slab out of bounds\nduring mount to ksmbd due to missing check in parse_server_interfaces()\n(see below):\n\n BUG: KASAN: slab-out-of-bounds in\n parse_server_interfaces+0x14ee/0x1880 [cifs]\n Read of size 4 at addr ffff8881433dba98 by task mount/9827\n\n CPU: 5 UID: 0 PID: 9827 Comm: mount Tainted: G\n OE 6.16.0-rc2-kasan #2 PREEMPT(voluntary)\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: Dell Inc. Precision Tower 3620/0MWYPT,\n BIOS 2.13.1 06/14/2019\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x9f/0xf0\n print_report+0xd1/0x670\n __virt_addr_valid+0x22c/0x430\n ? parse_server_interfaces+0x14ee/0x1880 [cifs]\n ? kasan_complete_mode_report_info+0x2a/0x1f0\n ? parse_server_interfaces+0x14ee/0x1880 [cifs]\n kasan_report+0xd6/0x110\n parse_server_interfaces+0x14ee/0x1880 [cifs]\n __asan_report_load_n_noabort+0x13/0x20\n parse_server_interfaces+0x14ee/0x1880 [cifs]\n ? __pfx_parse_server_interfaces+0x10/0x10 [cifs]\n ? trace_hardirqs_on+0x51/0x60\n SMB3_request_interfaces+0x1ad/0x3f0 [cifs]\n ? __pfx_SMB3_request_interfaces+0x10/0x10 [cifs]\n ? SMB2_tcon+0x23c/0x15d0 [cifs]\n smb3_qfs_tcon+0x173/0x2b0 [cifs]\n ? __pfx_smb3_qfs_tcon+0x10/0x10 [cifs]\n ? cifs_get_tcon+0x105d/0x2120 [cifs]\n ? do_raw_spin_unlock+0x5d/0x200\n ? cifs_get_tcon+0x105d/0x2120 [cifs]\n ? __pfx_smb3_qfs_tcon+0x10/0x10 [cifs]\n cifs_mount_get_tcon+0x369/0xb90 [cifs]\n ? dfs_cache_find+0xe7/0x150 [cifs]\n dfs_mount_share+0x985/0x2970 [cifs]\n ? check_path.constprop.0+0x28/0x50\n ? save_trace+0x54/0x370\n ? __pfx_dfs_mount_share+0x10/0x10 [cifs]\n ? __lock_acquire+0xb82/0x2ba0\n ? __kasan_check_write+0x18/0x20\n cifs_mount+0xbc/0x9e0 [cifs]\n ? __pfx_cifs_mount+0x10/0x10 [cifs]\n ? do_raw_spin_unlock+0x5d/0x200\n ? cifs_setup_cifs_sb+0x29d/0x810 [cifs]\n cifs_smb3_do_mount+0x263/0x1990 [cifs]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38728",
"url": "https://www.suse.com/security/cve/CVE-2025-38728"
},
{
"category": "external",
"summary": "SUSE Bug 1249256 for CVE-2025-38728",
"url": "https://bugzilla.suse.com/1249256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38728"
},
{
"cve": "CVE-2025-39977",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39977"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfutex: Prevent use-after-free during requeue-PI\n\nsyzbot managed to trigger the following race:\n\n T1 T2\n\n futex_wait_requeue_pi()\n futex_do_wait()\n schedule()\n futex_requeue()\n futex_proxy_trylock_atomic()\n futex_requeue_pi_prepare()\n requeue_pi_wake_futex()\n futex_requeue_pi_complete()\n /* preempt */\n\n * timeout/ signal wakes T1 *\n\n futex_requeue_pi_wakeup_sync() // Q_REQUEUE_PI_LOCKED\n futex_hash_put()\n // back to userland, on stack futex_q is garbage\n\n /* back */\n wake_up_state(q-\u003etask, TASK_NORMAL);\n\nIn this scenario futex_wait_requeue_pi() is able to leave without using\nfutex_q::lock_ptr for synchronization.\n\nThis can be prevented by reading futex_q::task before updating the\nfutex_q::requeue_state. A reference on the task_struct is not needed\nbecause requeue_pi_wake_futex() is invoked with a spinlock_t held which\nimplies a RCU read section.\n\nEven if T1 terminates immediately after, the task_struct will remain valid\nduring T2\u0027s wake_up_state(). A READ_ONCE on futex_q::task before\nfutex_requeue_pi_complete() is enough because it ensures that the variable\nis read before the state is updated.\n\nRead futex_q::task before updating the requeue state, use it for the\nfollowing wakeup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39977",
"url": "https://www.suse.com/security/cve/CVE-2025-39977"
},
{
"category": "external",
"summary": "SUSE Bug 1252046 for CVE-2025-39977",
"url": "https://bugzilla.suse.com/1252046"
},
{
"category": "external",
"summary": "SUSE Bug 1252048 for CVE-2025-39977",
"url": "https://bugzilla.suse.com/1252048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "important"
}
],
"title": "CVE-2025-39977"
},
{
"cve": "CVE-2025-40006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix folio is still mapped when deleted\n\nMigration may be raced with fallocating hole. remove_inode_single_folio\nwill unmap the folio if the folio is still mapped. However, it\u0027s called\nwithout folio lock. If the folio is migrated and the mapped pte has been\nconverted to migration entry, folio_mapped() returns false, and won\u0027t\nunmap it. Due to extra refcount held by remove_inode_single_folio,\nmigration fails, restores migration entry to normal pte, and the folio is\nmapped again. As a result, we triggered BUG in filemap_unaccount_folio.\n\nThe log is as follows:\n BUG: Bad page cache in process hugetlb pfn:156c00\n page: refcount:515 mapcount:0 mapping:0000000099fef6e1 index:0x0 pfn:0x156c00\n head: order:9 mapcount:1 entire_mapcount:1 nr_pages_mapped:0 pincount:0\n aops:hugetlbfs_aops ino:dcc dentry name(?):\"my_hugepage_file\"\n flags: 0x17ffffc00000c1(locked|waiters|head|node=0|zone=2|lastcpupid=0x1fffff)\n page_type: f4(hugetlb)\n page dumped because: still mapped when deleted\n CPU: 1 UID: 0 PID: 395 Comm: hugetlb Not tainted 6.17.0-rc5-00044-g7aac71907bde-dirty #484 NONE\n Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x4f/0x70\n filemap_unaccount_folio+0xc4/0x1c0\n __filemap_remove_folio+0x38/0x1c0\n filemap_remove_folio+0x41/0xd0\n remove_inode_hugepages+0x142/0x250\n hugetlbfs_fallocate+0x471/0x5a0\n vfs_fallocate+0x149/0x380\n\nHold folio lock before checking if the folio is mapped to avold race with\nmigration.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40006",
"url": "https://www.suse.com/security/cve/CVE-2025-40006"
},
{
"category": "external",
"summary": "SUSE Bug 1252342 for CVE-2025-40006",
"url": "https://bugzilla.suse.com/1252342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40006"
},
{
"cve": "CVE-2025-40024",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40024"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: Take a reference on the task in struct vhost_task.\n\nvhost_task_create() creates a task and keeps a reference to its\ntask_struct. That task may exit early via a signal and its task_struct\nwill be released.\nA pending vhost_task_wake() will then attempt to wake the task and\naccess a task_struct which is no longer there.\n\nAcquire a reference on the task_struct while creating the thread and\nrelease the reference while the struct vhost_task itself is removed.\nIf the task exits early due to a signal, then the vhost_task_wake() will\nstill access a valid task_struct. The wake is safe and will be skipped\nin this case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40024",
"url": "https://www.suse.com/security/cve/CVE-2025-40024"
},
{
"category": "external",
"summary": "SUSE Bug 1252686 for CVE-2025-40024",
"url": "https://bugzilla.suse.com/1252686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40024"
},
{
"cve": "CVE-2025-40033",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40033"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable()\n\npru_rproc_set_ctable() accessed rproc-\u003epriv before the IS_ERR_OR_NULL\ncheck, which could lead to a null pointer dereference. Move the pru\nassignment, ensuring we never dereference a NULL rproc pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40033",
"url": "https://www.suse.com/security/cve/CVE-2025-40033"
},
{
"category": "external",
"summary": "SUSE Bug 1252824 for CVE-2025-40033",
"url": "https://bugzilla.suse.com/1252824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40033"
},
{
"cve": "CVE-2025-40042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40042"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix race condition in kprobe initialization causing NULL pointer dereference\n\nThere is a critical race condition in kprobe initialization that can lead to\nNULL pointer dereference and kernel crash.\n\n[1135630.084782] Unable to handle kernel paging request at virtual address 0000710a04630000\n...\n[1135630.260314] pstate: 404003c9 (nZcv DAIF +PAN -UAO)\n[1135630.269239] pc : kprobe_perf_func+0x30/0x260\n[1135630.277643] lr : kprobe_dispatcher+0x44/0x60\n[1135630.286041] sp : ffffaeff4977fa40\n[1135630.293441] x29: ffffaeff4977fa40 x28: ffffaf015340e400\n[1135630.302837] x27: 0000000000000000 x26: 0000000000000000\n[1135630.312257] x25: ffffaf029ed108a8 x24: ffffaf015340e528\n[1135630.321705] x23: ffffaeff4977fc50 x22: ffffaeff4977fc50\n[1135630.331154] x21: 0000000000000000 x20: ffffaeff4977fc50\n[1135630.340586] x19: ffffaf015340e400 x18: 0000000000000000\n[1135630.349985] x17: 0000000000000000 x16: 0000000000000000\n[1135630.359285] x15: 0000000000000000 x14: 0000000000000000\n[1135630.368445] x13: 0000000000000000 x12: 0000000000000000\n[1135630.377473] x11: 0000000000000000 x10: 0000000000000000\n[1135630.386411] x9 : 0000000000000000 x8 : 0000000000000000\n[1135630.395252] x7 : 0000000000000000 x6 : 0000000000000000\n[1135630.403963] x5 : 0000000000000000 x4 : 0000000000000000\n[1135630.412545] x3 : 0000710a04630000 x2 : 0000000000000006\n[1135630.421021] x1 : ffffaeff4977fc50 x0 : 0000710a04630000\n[1135630.429410] Call trace:\n[1135630.434828] kprobe_perf_func+0x30/0x260\n[1135630.441661] kprobe_dispatcher+0x44/0x60\n[1135630.448396] aggr_pre_handler+0x70/0xc8\n[1135630.454959] kprobe_breakpoint_handler+0x140/0x1e0\n[1135630.462435] brk_handler+0xbc/0xd8\n[1135630.468437] do_debug_exception+0x84/0x138\n[1135630.475074] el1_dbg+0x18/0x8c\n[1135630.480582] security_file_permission+0x0/0xd0\n[1135630.487426] vfs_write+0x70/0x1c0\n[1135630.493059] ksys_write+0x5c/0xc8\n[1135630.498638] __arm64_sys_write+0x24/0x30\n[1135630.504821] el0_svc_common+0x78/0x130\n[1135630.510838] el0_svc_handler+0x38/0x78\n[1135630.516834] el0_svc+0x8/0x1b0\n\nkernel/trace/trace_kprobe.c: 1308\n0xffff3df8995039ec \u003ckprobe_perf_func+0x2c\u003e: ldr x21, [x24,#120]\ninclude/linux/compiler.h: 294\n0xffff3df8995039f0 \u003ckprobe_perf_func+0x30\u003e: ldr x1, [x21,x0]\n\nkernel/trace/trace_kprobe.c\n1308: head = this_cpu_ptr(call-\u003eperf_events);\n1309: if (hlist_empty(head))\n1310: \treturn 0;\n\ncrash\u003e struct trace_event_call -o\nstruct trace_event_call {\n ...\n [120] struct hlist_head *perf_events; //(call-\u003eperf_event)\n ...\n}\n\ncrash\u003e struct trace_event_call ffffaf015340e528\nstruct trace_event_call {\n ...\n perf_events = 0xffff0ad5fa89f088, //this value is correct, but x21 = 0\n ...\n}\n\nRace Condition Analysis:\n\nThe race occurs between kprobe activation and perf_events initialization:\n\n CPU0 CPU1\n ==== ====\n perf_kprobe_init\n perf_trace_event_init\n tp_event-\u003eperf_events = list;(1)\n tp_event-\u003eclass-\u003ereg (2)\u003c- KPROBE ACTIVE\n Debug exception triggers\n ...\n kprobe_dispatcher\n kprobe_perf_func (tk-\u003etp.flags \u0026 TP_FLAG_PROFILE)\n head = this_cpu_ptr(call-\u003eperf_events)(3)\n (perf_events is still NULL)\n\nProblem:\n1. CPU0 executes (1) assigning tp_event-\u003eperf_events = list\n2. CPU0 executes (2) enabling kprobe functionality via class-\u003ereg()\n3. CPU1 triggers and reaches kprobe_dispatcher\n4. CPU1 checks TP_FLAG_PROFILE - condition passes (step 2 completed)\n5. CPU1 calls kprobe_perf_func() and crashes at (3) because\n call-\u003eperf_events is still NULL\n\nCPU1 sees that kprobe functionality is enabled but does not see that\nperf_events has been assigned.\n\nAdd pairing read an\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40042",
"url": "https://www.suse.com/security/cve/CVE-2025-40042"
},
{
"category": "external",
"summary": "SUSE Bug 1252861 for CVE-2025-40042",
"url": "https://bugzilla.suse.com/1252861"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40042"
},
{
"cve": "CVE-2025-40053",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40053"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dlink: handle copy_thresh allocation failure\n\nThe driver did not handle failure of `netdev_alloc_skb_ip_align()`.\nIf the allocation failed, dereferencing `skb-\u003eprotocol` could lead to\na NULL pointer dereference.\n\nThis patch tries to allocate `skb`. If the allocation fails, it falls\nback to the normal path.\n\nTested-on: D-Link DGE-550T Rev-A3",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40053",
"url": "https://www.suse.com/security/cve/CVE-2025-40053"
},
{
"category": "external",
"summary": "SUSE Bug 1252808 for CVE-2025-40053",
"url": "https://bugzilla.suse.com/1252808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40053"
},
{
"cve": "CVE-2025-40081",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40081"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: arm_spe: Prevent overflow in PERF_IDX2OFF()\n\nCast nr_pages to unsigned long to avoid overflow when handling large\nAUX buffer sizes (\u003e= 2 GiB).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40081",
"url": "https://www.suse.com/security/cve/CVE-2025-40081"
},
{
"category": "external",
"summary": "SUSE Bug 1252776 for CVE-2025-40081",
"url": "https://bugzilla.suse.com/1252776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40081"
},
{
"cve": "CVE-2025-40102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Prevent access to vCPU events before init\n\nAnother day, another syzkaller bug. KVM erroneously allows userspace to\npend vCPU events for a vCPU that hasn\u0027t been initialized yet, leading to\nKVM interpreting a bunch of uninitialized garbage for routing /\ninjecting the exception.\n\nIn one case the injection code and the hyp disagree on whether the vCPU\nhas a 32bit EL1 and put the vCPU into an illegal mode for AArch64,\ntripping the BUG() in exception_target_el() during the next injection:\n\n kernel BUG at arch/arm64/kvm/inject_fault.c:40!\n Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n CPU: 3 UID: 0 PID: 318 Comm: repro Not tainted 6.17.0-rc4-00104-g10fd0285305d #6 PREEMPT\n Hardware name: linux,dummy-virt (DT)\n pstate: 21402009 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n pc : exception_target_el+0x88/0x8c\n lr : pend_serror_exception+0x18/0x13c\n sp : ffff800082f03a10\n x29: ffff800082f03a10 x28: ffff0000cb132280 x27: 0000000000000000\n x26: 0000000000000000 x25: ffff0000c2a99c20 x24: 0000000000000000\n x23: 0000000000008000 x22: 0000000000000002 x21: 0000000000000004\n x20: 0000000000008000 x19: ffff0000c2a99c20 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 00000000200000c0\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n x8 : ffff800082f03af8 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : ffff800080f621f0 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : 000000000040009b x1 : 0000000000000003 x0 : ffff0000c2a99c20\n Call trace:\n exception_target_el+0x88/0x8c (P)\n kvm_inject_serror_esr+0x40/0x3b4\n __kvm_arm_vcpu_set_events+0xf0/0x100\n kvm_arch_vcpu_ioctl+0x180/0x9d4\n kvm_vcpu_ioctl+0x60c/0x9f4\n __arm64_sys_ioctl+0xac/0x104\n invoke_syscall+0x48/0x110\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xf0\n el0t_64_sync_handler+0xa0/0xe4\n el0t_64_sync+0x198/0x19c\n Code: f946bc01 b4fffe61 9101e020 17fffff2 (d4210000)\n\nReject the ioctls outright as no sane VMM would call these before\nKVM_ARM_VCPU_INIT anyway. Even if it did the exception would\u0027ve been\nthrown away by the eventual reset of the vCPU\u0027s state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40102",
"url": "https://www.suse.com/security/cve/CVE-2025-40102"
},
{
"category": "external",
"summary": "SUSE Bug 1252919 for CVE-2025-40102",
"url": "https://bugzilla.suse.com/1252919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40102"
},
{
"cve": "CVE-2025-40123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Enforce expected_attach_type for tailcall compatibility\n\nYinhao et al. recently reported:\n\n Our fuzzer tool discovered an uninitialized pointer issue in the\n bpf_prog_test_run_xdp() function within the Linux kernel\u0027s BPF subsystem.\n This leads to a NULL pointer dereference when a BPF program attempts to\n deference the txq member of struct xdp_buff object.\n\nThe test initializes two programs of BPF_PROG_TYPE_XDP: progA acts as the\nentry point for bpf_prog_test_run_xdp() and its expected_attach_type can\nneither be of be BPF_XDP_DEVMAP nor BPF_XDP_CPUMAP. progA calls into a slot\nof a tailcall map it owns. progB\u0027s expected_attach_type must be BPF_XDP_DEVMAP\nto pass xdp_is_valid_access() validation. The program returns struct xdp_md\u0027s\negress_ifindex, and the latter is only allowed to be accessed under mentioned\nexpected_attach_type. progB is then inserted into the tailcall which progA\ncalls.\n\nThe underlying issue goes beyond XDP though. Another example are programs\nof type BPF_PROG_TYPE_CGROUP_SOCK_ADDR. sock_addr_is_valid_access() as well\nas sock_addr_func_proto() have different logic depending on the programs\u0027\nexpected_attach_type. Similarly, a program attached to BPF_CGROUP_INET4_GETPEERNAME\nshould not be allowed doing a tailcall into a program which calls bpf_bind()\nout of BPF which is only enabled for BPF_CGROUP_INET4_CONNECT.\n\nIn short, specifying expected_attach_type allows to open up additional\nfunctionality or restrictions beyond what the basic bpf_prog_type enables.\nThe use of tailcalls must not violate these constraints. Fix it by enforcing\nexpected_attach_type in __bpf_prog_map_compatible().\n\nNote that we only enforce this for tailcall maps, but not for BPF devmaps or\ncpumaps: There, the programs are invoked through dev_map_bpf_prog_run*() and\ncpu_map_bpf_prog_run*() which set up a new environment / context and therefore\nthese situations are not prone to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40123",
"url": "https://www.suse.com/security/cve/CVE-2025-40123"
},
{
"category": "external",
"summary": "SUSE Bug 1253365 for CVE-2025-40123",
"url": "https://bugzilla.suse.com/1253365"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40123"
},
{
"cve": "CVE-2025-40134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40134"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix NULL pointer dereference in __dm_suspend()\n\nThere is a race condition between dm device suspend and table load that\ncan lead to null pointer dereference. The issue occurs when suspend is\ninvoked before table load completes:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000054\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 6 PID: 6798 Comm: dmsetup Not tainted 6.6.0-g7e52f5f0ca9b #62\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014\nRIP: 0010:blk_mq_wait_quiesce_done+0x0/0x50\nCall Trace:\n \u003cTASK\u003e\n blk_mq_quiesce_queue+0x2c/0x50\n dm_stop_queue+0xd/0x20\n __dm_suspend+0x130/0x330\n dm_suspend+0x11a/0x180\n dev_suspend+0x27e/0x560\n ctl_ioctl+0x4cf/0x850\n dm_ctl_ioctl+0xd/0x20\n vfs_ioctl+0x1d/0x50\n __se_sys_ioctl+0x9b/0xc0\n __x64_sys_ioctl+0x19/0x30\n x64_sys_call+0x2c4a/0x4620\n do_syscall_64+0x9e/0x1b0\n\nThe issue can be triggered as below:\n\nT1 \t\t\t\t\t\tT2\ndm_suspend\t\t\t\t\ttable_load\n__dm_suspend\t\t\t\t\tdm_setup_md_queue\n\t\t\t\t\t\tdm_mq_init_request_queue\n\t\t\t\t\t\tblk_mq_init_allocated_queue\n\t\t\t\t\t\t=\u003e q-\u003emq_ops = set-\u003eops; (1)\ndm_stop_queue / dm_wait_for_completion\n=\u003e q-\u003etag_set NULL pointer!\t(2)\n\t\t\t\t\t\t=\u003e q-\u003etag_set = set; (3)\n\nFix this by checking if a valid table (map) exists before performing\nrequest-based suspend and waiting for target I/O. When map is NULL,\nskip these table-dependent suspend steps.\n\nEven when map is NULL, no I/O can reach any target because there is\nno table loaded; I/O submitted in this state will fail early in the\nDM layer. Skipping the table-dependent suspend logic in this case\nis safe and avoids NULL pointer dereferences.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40134",
"url": "https://www.suse.com/security/cve/CVE-2025-40134"
},
{
"category": "external",
"summary": "SUSE Bug 1253386 for CVE-2025-40134",
"url": "https://bugzilla.suse.com/1253386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40134"
},
{
"cve": "CVE-2025-40135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40135"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: use RCU in ip6_xmit()\n\nUse RCU in ip6_xmit() in order to use dst_dev_rcu() to prevent\npossible UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40135",
"url": "https://www.suse.com/security/cve/CVE-2025-40135"
},
{
"category": "external",
"summary": "SUSE Bug 1253342 for CVE-2025-40135",
"url": "https://bugzilla.suse.com/1253342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40135"
},
{
"cve": "CVE-2025-40153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40153"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: hugetlb: avoid soft lockup when mprotect to large memory area\n\nWhen calling mprotect() to a large hugetlb memory area in our customer\u0027s\nworkload (~300GB hugetlb memory), soft lockup was observed:\n\nwatchdog: BUG: soft lockup - CPU#98 stuck for 23s! [t2_new_sysv:126916]\n\nCPU: 98 PID: 126916 Comm: t2_new_sysv Kdump: loaded Not tainted 6.17-rc7\nHardware name: GIGACOMPUTING R2A3-T40-AAV1/Jefferson CIO, BIOS 5.4.4.1 07/15/2025\npstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : mte_clear_page_tags+0x14/0x24\nlr : mte_sync_tags+0x1c0/0x240\nsp : ffff80003150bb80\nx29: ffff80003150bb80 x28: ffff00739e9705a8 x27: 0000ffd2d6a00000\nx26: 0000ff8e4bc00000 x25: 00e80046cde00f45 x24: 0000000000022458\nx23: 0000000000000000 x22: 0000000000000004 x21: 000000011b380000\nx20: ffff000000000000 x19: 000000011b379f40 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : ffffc875e0aa5e2c\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : fffffc01ce7a5c00 x4 : 00000000046cde00 x3 : fffffc0000000000\nx2 : 0000000000000004 x1 : 0000000000000040 x0 : ffff0046cde7c000\n\nCall trace:\n mte_clear_page_tags+0x14/0x24\n set_huge_pte_at+0x25c/0x280\n hugetlb_change_protection+0x220/0x430\n change_protection+0x5c/0x8c\n mprotect_fixup+0x10c/0x294\n do_mprotect_pkey.constprop.0+0x2e0/0x3d4\n __arm64_sys_mprotect+0x24/0x44\n invoke_syscall+0x50/0x160\n el0_svc_common+0x48/0x144\n do_el0_svc+0x30/0xe0\n el0_svc+0x30/0xf0\n el0t_64_sync_handler+0xc4/0x148\n el0t_64_sync+0x1a4/0x1a8\n\nSoft lockup is not triggered with THP or base page because there is\ncond_resched() called for each PMD size.\n\nAlthough the soft lockup was triggered by MTE, it should be not MTE\nspecific. The other processing which takes long time in the loop may\ntrigger soft lockup too.\n\nSo add cond_resched() for hugetlb to avoid soft lockup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40153",
"url": "https://www.suse.com/security/cve/CVE-2025-40153"
},
{
"category": "external",
"summary": "SUSE Bug 1253408 for CVE-2025-40153",
"url": "https://bugzilla.suse.com/1253408"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "low"
}
],
"title": "CVE-2025-40153"
},
{
"cve": "CVE-2025-40158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40158"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: use RCU in ip6_output()\n\nUse RCU in ip6_output() in order to use dst_dev_rcu() to prevent\npossible UAF.\n\nWe can remove rcu_read_lock()/rcu_read_unlock() pairs\nfrom ip6_finish_output2().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40158",
"url": "https://www.suse.com/security/cve/CVE-2025-40158"
},
{
"category": "external",
"summary": "SUSE Bug 1253402 for CVE-2025-40158",
"url": "https://bugzilla.suse.com/1253402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40158"
},
{
"cve": "CVE-2025-40160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40160"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/events: Return -EEXIST for bound VIRQs\n\nChange find_virq() to return -EEXIST when a VIRQ is bound to a\ndifferent CPU than the one passed in. With that, remove the BUG_ON()\nfrom bind_virq_to_irq() to propogate the error upwards.\n\nSome VIRQs are per-cpu, but others are per-domain or global. Those must\nbe bound to CPU0 and can then migrate elsewhere. The lookup for\nper-domain and global will probably fail when migrated off CPU 0,\nespecially when the current CPU is tracked. This now returns -EEXIST\ninstead of BUG_ON().\n\nA second call to bind a per-domain or global VIRQ is not expected, but\nmake it non-fatal to avoid trying to look up the irq, since we don\u0027t\nknow which per_cpu(virq_to_irq) it will be in.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40160",
"url": "https://www.suse.com/security/cve/CVE-2025-40160"
},
{
"category": "external",
"summary": "SUSE Bug 1253400 for CVE-2025-40160",
"url": "https://bugzilla.suse.com/1253400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "low"
}
],
"title": "CVE-2025-40160"
},
{
"cve": "CVE-2025-40167",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40167"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: detect invalid INLINE_DATA + EXTENTS flag combination\n\nsyzbot reported a BUG_ON in ext4_es_cache_extent() when opening a verity\nfile on a corrupted ext4 filesystem mounted without a journal.\n\nThe issue is that the filesystem has an inode with both the INLINE_DATA\nand EXTENTS flags set:\n\n EXT4-fs error (device loop0): ext4_cache_extents:545: inode #15:\n comm syz.0.17: corrupted extent tree: lblk 0 \u003c prev 66\n\nInvestigation revealed that the inode has both flags set:\n DEBUG: inode 15 - flag=1, i_inline_off=164, has_inline=1, extents_flag=1\n\nThis is an invalid combination since an inode should have either:\n- INLINE_DATA: data stored directly in the inode\n- EXTENTS: data stored in extent-mapped blocks\n\nHaving both flags causes ext4_has_inline_data() to return true, skipping\nextent tree validation in __ext4_iget(). The unvalidated out-of-order\nextents then trigger a BUG_ON in ext4_es_cache_extent() due to integer\nunderflow when calculating hole sizes.\n\nFix this by detecting this invalid flag combination early in ext4_iget()\nand rejecting the corrupted inode.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40167",
"url": "https://www.suse.com/security/cve/CVE-2025-40167"
},
{
"category": "external",
"summary": "SUSE Bug 1253458 for CVE-2025-40167",
"url": "https://bugzilla.suse.com/1253458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40167"
},
{
"cve": "CVE-2025-40170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40170"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: use dst_dev_rcu() in sk_setup_caps()\n\nUse RCU to protect accesses to dst-\u003edev from sk_setup_caps()\nand sk_dst_gso_max_size().\n\nAlso use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(),\nand ip_dst_mtu_maybe_forward().\n\nip4_dst_hoplimit() can use dst_dev_net_rcu().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40170",
"url": "https://www.suse.com/security/cve/CVE-2025-40170"
},
{
"category": "external",
"summary": "SUSE Bug 1253413 for CVE-2025-40170",
"url": "https://bugzilla.suse.com/1253413"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40170"
},
{
"cve": "CVE-2025-40178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npid: Add a judgment for ns null in pid_nr_ns\n\n__task_pid_nr_ns\n ns = task_active_pid_ns(current);\n pid_nr_ns(rcu_dereference(*task_pid_ptr(task, type)), ns);\n if (pid \u0026\u0026 ns-\u003elevel \u003c= pid-\u003elevel) {\n\nSometimes null is returned for task_active_pid_ns. Then it will trigger kernel panic in pid_nr_ns.\n\nFor example:\n\tUnable to handle kernel NULL pointer dereference at virtual address 0000000000000058\n\tMem abort info:\n\tESR = 0x0000000096000007\n\tEC = 0x25: DABT (current EL), IL = 32 bits\n\tSET = 0, FnV = 0\n\tEA = 0, S1PTW = 0\n\tFSC = 0x07: level 3 translation fault\n\tData abort info:\n\tISV = 0, ISS = 0x00000007, ISS2 = 0x00000000\n\tCM = 0, WnR = 0, TnD = 0, TagAccess = 0\n\tGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n\tuser pgtable: 4k pages, 39-bit VAs, pgdp=00000002175aa000\n\t[0000000000000058] pgd=08000002175ab003, p4d=08000002175ab003, pud=08000002175ab003, pmd=08000002175be003, pte=0000000000000000\n\tpstate: 834000c5 (Nzcv daIF +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n\tpc : __task_pid_nr_ns+0x74/0xd0\n\tlr : __task_pid_nr_ns+0x24/0xd0\n\tsp : ffffffc08001bd10\n\tx29: ffffffc08001bd10 x28: ffffffd4422b2000 x27: 0000000000000001\n\tx26: ffffffd442821168 x25: ffffffd442821000 x24: 00000f89492eab31\n\tx23: 00000000000000c0 x22: ffffff806f5693c0 x21: ffffff806f5693c0\n\tx20: 0000000000000001 x19: 0000000000000000 x18: 0000000000000000\n\tx17: 00000000529c6ef0 x16: 00000000529c6ef0 x15: 00000000023a1adc\n\tx14: 0000000000000003 x13: 00000000007ef6d8 x12: 001167c391c78800\n\tx11: 00ffffffffffffff x10: 0000000000000000 x9 : 0000000000000001\n\tx8 : ffffff80816fa3c0 x7 : 0000000000000000 x6 : 49534d702d535449\n\tx5 : ffffffc080c4c2c0 x4 : ffffffd43ee128c8 x3 : ffffffd43ee124dc\n\tx2 : 0000000000000000 x1 : 0000000000000001 x0 : ffffff806f5693c0\n\tCall trace:\n\t__task_pid_nr_ns+0x74/0xd0\n\t...\n\t__handle_irq_event_percpu+0xd4/0x284\n\thandle_irq_event+0x48/0xb0\n\thandle_fasteoi_irq+0x160/0x2d8\n\tgeneric_handle_domain_irq+0x44/0x60\n\tgic_handle_irq+0x4c/0x114\n\tcall_on_irq_stack+0x3c/0x74\n\tdo_interrupt_handler+0x4c/0x84\n\tel1_interrupt+0x34/0x58\n\tel1h_64_irq_handler+0x18/0x24\n\tel1h_64_irq+0x68/0x6c\n\taccount_kernel_stack+0x60/0x144\n\texit_task_stack_account+0x1c/0x80\n\tdo_exit+0x7e4/0xaf8\n\t...\n\tget_signal+0x7bc/0x8d8\n\tdo_notify_resume+0x128/0x828\n\tel0_svc+0x6c/0x70\n\tel0t_64_sync_handler+0x68/0xbc\n\tel0t_64_sync+0x1a8/0x1ac\n\tCode: 35fffe54 911a02a8 f9400108 b4000128 (b9405a69)\n\t---[ end trace 0000000000000000 ]---\n\tKernel panic - not syncing: Oops: Fatal exception in interrupt",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40178",
"url": "https://www.suse.com/security/cve/CVE-2025-40178"
},
{
"category": "external",
"summary": "SUSE Bug 1253463 for CVE-2025-40178",
"url": "https://bugzilla.suse.com/1253463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40178"
},
{
"cve": "CVE-2025-40179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40179"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: verify orphan file size is not too big\n\nIn principle orphan file can be arbitrarily large. However orphan replay\nneeds to traverse it all and we also pin all its buffers in memory. Thus\nfilesystems with absurdly large orphan files can lead to big amounts of\nmemory consumed. Limit orphan file size to a sane value and also use\nkvmalloc() for allocating array of block descriptor structures to avoid\nlarge order allocations for sane but large orphan files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40179",
"url": "https://www.suse.com/security/cve/CVE-2025-40179"
},
{
"category": "external",
"summary": "SUSE Bug 1253442 for CVE-2025-40179",
"url": "https://bugzilla.suse.com/1253442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40179"
},
{
"cve": "CVE-2025-40187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40187"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()\n\nIf new_asoc-\u003epeer.adaptation_ind=0 and sctp_ulpevent_make_authkey=0\nand sctp_ulpevent_make_authkey() returns 0, then the variable\nai_ev remains zero and the zero will be dereferenced\nin the sctp_ulpevent_free() function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40187",
"url": "https://www.suse.com/security/cve/CVE-2025-40187"
},
{
"category": "external",
"summary": "SUSE Bug 1253647 for CVE-2025-40187",
"url": "https://bugzilla.suse.com/1253647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40187"
},
{
"cve": "CVE-2025-40190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40190"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: guard against EA inode refcount underflow in xattr update\n\nsyzkaller found a path where ext4_xattr_inode_update_ref() reads an EA\ninode refcount that is already \u003c= 0 and then applies ref_change (often\n-1). That lets the refcount underflow and we proceed with a bogus value,\ntriggering errors like:\n\n EXT4-fs error: EA inode \u003cn\u003e ref underflow: ref_count=-1 ref_change=-1\n EXT4-fs warning: ea_inode dec ref err=-117\n\nMake the invariant explicit: if the current refcount is non-positive,\ntreat this as on-disk corruption, emit ext4_error_inode(), and fail the\noperation with -EFSCORRUPTED instead of updating the refcount. Delete the\nWARN_ONCE() as negative refcounts are now impossible; keep error reporting\nin ext4_error_inode().\n\nThis prevents the underflow and the follow-on orphan/cleanup churn.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40190",
"url": "https://www.suse.com/security/cve/CVE-2025-40190"
},
{
"category": "external",
"summary": "SUSE Bug 1253623 for CVE-2025-40190",
"url": "https://bugzilla.suse.com/1253623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40190"
},
{
"cve": "CVE-2025-40211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40211"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: video: Fix use-after-free in acpi_video_switch_brightness()\n\nThe switch_brightness_work delayed work accesses device-\u003ebrightness\nand device-\u003ebacklight, freed by acpi_video_dev_unregister_backlight()\nduring device removal.\n\nIf the work executes after acpi_video_bus_unregister_backlight()\nfrees these resources, it causes a use-after-free when\nacpi_video_switch_brightness() dereferences device-\u003ebrightness or\ndevice-\u003ebacklight.\n\nFix this by calling cancel_delayed_work_sync() for each device\u0027s\nswitch_brightness_work in acpi_video_bus_remove_notify_handler()\nafter removing the notify handler that queues the work. This ensures\nthe work completes before the memory is freed.\n\n[ rjw: Changelog edit ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40211",
"url": "https://www.suse.com/security/cve/CVE-2025-40211"
},
{
"category": "external",
"summary": "SUSE Bug 1254126 for CVE-2025-40211",
"url": "https://bugzilla.suse.com/1254126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40211"
},
{
"cve": "CVE-2025-40213",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40213"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete\n\nThere is a BUG: KASAN: stack-out-of-bounds in set_mesh_sync due to\nmemcpy from badly declared on-stack flexible array.\n\nAnother crash is in set_mesh_complete() due to double list_del via\nmgmt_pending_valid + mgmt_pending_remove.\n\nUse DEFINE_FLEX to declare the flexible array right, and don\u0027t memcpy\noutside bounds.\n\nAs mgmt_pending_valid removes the cmd from list, use mgmt_pending_free,\nand also report status on error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40213",
"url": "https://www.suse.com/security/cve/CVE-2025-40213"
},
{
"category": "external",
"summary": "SUSE Bug 1253674 for CVE-2025-40213",
"url": "https://bugzilla.suse.com/1253674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40213"
},
{
"cve": "CVE-2025-40215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40215"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: delete x-\u003etunnel as we delete x\n\nThe ipcomp fallback tunnels currently get deleted (from the various\nlists and hashtables) as the last user state that needed that fallback\nis destroyed (not deleted). If a reference to that user state still\nexists, the fallback state will remain on the hashtables/lists,\ntriggering the WARN in xfrm_state_fini. Because of those remaining\nreferences, the fix in commit f75a2804da39 (\"xfrm: destroy xfrm_state\nsynchronously on net exit path\") is not complete.\n\nWe recently fixed one such situation in TCP due to defered freeing of\nskbs (commit 9b6412e6979f (\"tcp: drop secpath at the same time as we\ncurrently drop dst\")). This can also happen due to IP reassembly: skbs\nwith a secpath remain on the reassembly queue until netns\ndestruction. If we can\u0027t guarantee that the queues are flushed by the\ntime xfrm_state_fini runs, there may still be references to a (user)\nxfrm_state, preventing the timely deletion of the corresponding\nfallback state.\n\nInstead of chasing each instance of skbs holding a secpath one by one,\nthis patch fixes the issue directly within xfrm, by deleting the\nfallback state as soon as the last user state depending on it has been\ndeleted. Destruction will still happen when the final reference is\ndropped.\n\nA separate lockdep class for the fallback state is required since\nwe\u0027re going to lock x-\u003etunnel while x is locked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40215",
"url": "https://www.suse.com/security/cve/CVE-2025-40215"
},
{
"category": "external",
"summary": "SUSE Bug 1254959 for CVE-2025-40215",
"url": "https://bugzilla.suse.com/1254959"
},
{
"category": "external",
"summary": "SUSE Bug 1255054 for CVE-2025-40215",
"url": "https://bugzilla.suse.com/1255054"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "important"
}
],
"title": "CVE-2025-40215"
},
{
"cve": "CVE-2025-40219",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40219"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV\n\nBefore disabling SR-IOV via config space accesses to the parent PF,\nsriov_disable() first removes the PCI devices representing the VFs.\n\nSince commit 9d16947b7583 (\"PCI: Add global pci_lock_rescan_remove()\")\nsuch removal operations are serialized against concurrent remove and\nrescan using the pci_rescan_remove_lock. No such locking was ever added\nin sriov_disable() however. In particular when commit 18f9e9d150fc\n(\"PCI/IOV: Factor out sriov_add_vfs()\") factored out the PCI device\nremoval into sriov_del_vfs() there was still no locking around the\npci_iov_remove_virtfn() calls.\n\nOn s390 the lack of serialization in sriov_disable() may cause double\nremove and list corruption with the below (amended) trace being observed:\n\n PSW: 0704c00180000000 0000000c914e4b38 (klist_put+56)\n GPRS: 000003800313fb48 0000000000000000 0000000100000001 0000000000000001\n\t00000000f9b520a8 0000000000000000 0000000000002fbd 00000000f4cc9480\n\t0000000000000001 0000000000000000 0000000000000000 0000000180692828\n\t00000000818e8000 000003800313fe2c 000003800313fb20 000003800313fad8\n #0 [3800313fb20] device_del at c9158ad5c\n #1 [3800313fb88] pci_remove_bus_device at c915105ba\n #2 [3800313fbd0] pci_iov_remove_virtfn at c9152f198\n #3 [3800313fc28] zpci_iov_remove_virtfn at c90fb67c0\n #4 [3800313fc60] zpci_bus_remove_device at c90fb6104\n #5 [3800313fca0] __zpci_event_availability at c90fb3dca\n #6 [3800313fd08] chsc_process_sei_nt0 at c918fe4a2\n #7 [3800313fd60] crw_collect_info at c91905822\n #8 [3800313fe10] kthread at c90feb390\n #9 [3800313fe68] __ret_from_fork at c90f6aa64\n #10 [3800313fe98] ret_from_fork at c9194f3f2.\n\nThis is because in addition to sriov_disable() removing the VFs, the\nplatform also generates hot-unplug events for the VFs. This being the\nreverse operation to the hotplug events generated by sriov_enable() and\nhandled via pdev-\u003eno_vf_scan. And while the event processing takes\npci_rescan_remove_lock and checks whether the struct pci_dev still exists,\nthe lack of synchronization makes this checking racy.\n\nOther races may also be possible of course though given that this lack of\nlocking persisted so long observable races seem very rare. Even on s390 the\nlist corruption was only observed with certain devices since the platform\nevents are only triggered by config accesses after the removal, so as long\nas the removal finished synchronously they would not race. Either way the\nlocking is missing so fix this by adding it to the sriov_del_vfs() helper.\n\nJust like PCI rescan-remove, locking is also missing in sriov_add_vfs()\nincluding for the error case where pci_stop_and_remove_bus_device() is\ncalled without the PCI rescan-remove lock being held. Even in the non-error\ncase, adding new PCI devices and buses should be serialized via the PCI\nrescan-remove lock. Add the necessary locking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40219",
"url": "https://www.suse.com/security/cve/CVE-2025-40219"
},
{
"category": "external",
"summary": "SUSE Bug 1254518 for CVE-2025-40219",
"url": "https://bugzilla.suse.com/1254518"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40219"
},
{
"cve": "CVE-2025-40220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40220"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: fix livelock in synchronous file put from fuseblk workers\n\nI observed a hang when running generic/323 against a fuseblk server.\nThis test opens a file, initiates a lot of AIO writes to that file\ndescriptor, and closes the file descriptor before the writes complete.\nUnsurprisingly, the AIO exerciser threads are mostly stuck waiting for\nresponses from the fuseblk server:\n\n# cat /proc/372265/task/372313/stack\n[\u003c0\u003e] request_wait_answer+0x1fe/0x2a0 [fuse]\n[\u003c0\u003e] __fuse_simple_request+0xd3/0x2b0 [fuse]\n[\u003c0\u003e] fuse_do_getattr+0xfc/0x1f0 [fuse]\n[\u003c0\u003e] fuse_file_read_iter+0xbe/0x1c0 [fuse]\n[\u003c0\u003e] aio_read+0x130/0x1e0\n[\u003c0\u003e] io_submit_one+0x542/0x860\n[\u003c0\u003e] __x64_sys_io_submit+0x98/0x1a0\n[\u003c0\u003e] do_syscall_64+0x37/0xf0\n[\u003c0\u003e] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nBut the /weird/ part is that the fuseblk server threads are waiting for\nresponses from itself:\n\n# cat /proc/372210/task/372232/stack\n[\u003c0\u003e] request_wait_answer+0x1fe/0x2a0 [fuse]\n[\u003c0\u003e] __fuse_simple_request+0xd3/0x2b0 [fuse]\n[\u003c0\u003e] fuse_file_put+0x9a/0xd0 [fuse]\n[\u003c0\u003e] fuse_release+0x36/0x50 [fuse]\n[\u003c0\u003e] __fput+0xec/0x2b0\n[\u003c0\u003e] task_work_run+0x55/0x90\n[\u003c0\u003e] syscall_exit_to_user_mode+0xe9/0x100\n[\u003c0\u003e] do_syscall_64+0x43/0xf0\n[\u003c0\u003e] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nThe fuseblk server is fuse2fs so there\u0027s nothing all that exciting in\nthe server itself. So why is the fuse server calling fuse_file_put?\nThe commit message for the fstest sheds some light on that:\n\n\"By closing the file descriptor before calling io_destroy, you pretty\nmuch guarantee that the last put on the ioctx will be done in interrupt\ncontext (during I/O completion).\n\nAha. AIO fgets a new struct file from the fd when it queues the ioctx.\nThe completion of the FUSE_WRITE command from userspace causes the fuse\nserver to call the AIO completion function. The completion puts the\nstruct file, queuing a delayed fput to the fuse server task. When the\nfuse server task returns to userspace, it has to run the delayed fput,\nwhich in the case of a fuseblk server, it does synchronously.\n\nSending the FUSE_RELEASE command sychronously from fuse server threads\nis a bad idea because a client program can initiate enough simultaneous\nAIOs such that all the fuse server threads end up in delayed_fput, and\nnow there aren\u0027t any threads left to handle the queued fuse commands.\n\nFix this by only using asynchronous fputs when closing files, and leave\na comment explaining why.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40220",
"url": "https://www.suse.com/security/cve/CVE-2025-40220"
},
{
"category": "external",
"summary": "SUSE Bug 1254520 for CVE-2025-40220",
"url": "https://bugzilla.suse.com/1254520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40220"
},
{
"cve": "CVE-2025-40223",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40223"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmost: usb: Fix use-after-free in hdm_disconnect\n\nhdm_disconnect() calls most_deregister_interface(), which eventually\nunregisters the MOST interface device with device_unregister(iface-\u003edev).\nIf that drops the last reference, the device core may call release_mdev()\nimmediately while hdm_disconnect() is still executing.\n\nThe old code also freed several mdev-owned allocations in\nhdm_disconnect() and then performed additional put_device() calls.\nDepending on refcount order, this could lead to use-after-free or\ndouble-free when release_mdev() ran (or when unregister paths also\nperformed puts).\n\nFix by moving the frees of mdev-owned allocations into release_mdev(),\nso they happen exactly once when the device is truly released, and by\ndropping the extra put_device() calls in hdm_disconnect() that are\nredundant after device_unregister() and most_deregister_interface().\n\nThis addresses the KASAN slab-use-after-free reported by syzbot in\nhdm_disconnect(). See report and stack traces in the bug link below.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40223",
"url": "https://www.suse.com/security/cve/CVE-2025-40223"
},
{
"category": "external",
"summary": "SUSE Bug 1254957 for CVE-2025-40223",
"url": "https://bugzilla.suse.com/1254957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40223"
},
{
"cve": "CVE-2025-40225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40225"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panthor: Fix kernel panic on partial unmap of a GPU VA region\n\nThis commit address a kernel panic issue that can happen if Userspace\ntries to partially unmap a GPU virtual region (aka drm_gpuva).\nThe VM_BIND interface allows partial unmapping of a BO.\n\nPanthor driver pre-allocates memory for the new drm_gpuva structures\nthat would be needed for the map/unmap operation, done using drm_gpuvm\nlayer. It expected that only one new drm_gpuva would be needed on umap\nbut a partial unmap can require 2 new drm_gpuva and that\u0027s why it\nended up doing a NULL pointer dereference causing a kernel panic.\n\nFollowing dump was seen when partial unmap was exercised.\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000078\n Mem abort info:\n ESR = 0x0000000096000046\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x06: level 2 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000046, ISS2 = 0x00000000\n CM = 0, WnR = 1, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n user pgtable: 4k pages, 48-bit VAs, pgdp=000000088a863000\n [000000000000078] pgd=080000088a842003, p4d=080000088a842003, pud=0800000884bf5003, pmd=0000000000000000\n Internal error: Oops: 0000000096000046 [#1] PREEMPT SMP\n \u003csnip\u003e\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : panthor_gpuva_sm_step_remap+0xe4/0x330 [panthor]\n lr : panthor_gpuva_sm_step_remap+0x6c/0x330 [panthor]\n sp : ffff800085d43970\n x29: ffff800085d43970 x28: ffff00080363e440 x27: ffff0008090c6000\n x26: 0000000000000030 x25: ffff800085d439f8 x24: ffff00080d402000\n x23: ffff800085d43b60 x22: ffff800085d439e0 x21: ffff00080abdb180\n x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000010\n x17: 6e656c202c303030 x16: 3666666666646466 x15: 393d61766f69202c\n x14: 312d3d7361203a70 x13: 303030323d6e656c x12: ffff80008324bf58\n x11: 0000000000000003 x10: 0000000000000002 x9 : ffff8000801a6a9c\n x8 : ffff00080360b300 x7 : 0000000000000000 x6 : 000000088aa35fc7\n x5 : fff1000080000000 x4 : ffff8000842ddd30 x3 : 0000000000000001\n x2 : 0000000100000000 x1 : 0000000000000001 x0 : 0000000000000078\n Call trace:\n panthor_gpuva_sm_step_remap+0xe4/0x330 [panthor]\n op_remap_cb.isra.22+0x50/0x80\n __drm_gpuvm_sm_unmap+0x10c/0x1c8\n drm_gpuvm_sm_unmap+0x40/0x60\n panthor_vm_exec_op+0xb4/0x3d0 [panthor]\n panthor_vm_bind_exec_sync_op+0x154/0x278 [panthor]\n panthor_ioctl_vm_bind+0x160/0x4a0 [panthor]\n drm_ioctl_kernel+0xbc/0x138\n drm_ioctl+0x240/0x500\n __arm64_sys_ioctl+0xb0/0xf8\n invoke_syscall+0x4c/0x110\n el0_svc_common.constprop.1+0x98/0xf8\n do_el0_svc+0x24/0x38\n el0_svc+0x40/0xf8\n el0t_64_sync_handler+0xa0/0xc8\n el0t_64_sync+0x174/0x178",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40225",
"url": "https://www.suse.com/security/cve/CVE-2025-40225"
},
{
"category": "external",
"summary": "SUSE Bug 1254827 for CVE-2025-40225",
"url": "https://bugzilla.suse.com/1254827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40225"
},
{
"cve": "CVE-2025-40231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: fix lock inversion in vsock_assign_transport()\n\nSyzbot reported a potential lock inversion deadlock between\nvsock_register_mutex and sk_lock-AF_VSOCK when vsock_linger() is called.\n\nThe issue was introduced by commit 687aa0c5581b (\"vsock: Fix\ntransport_* TOCTOU\") which added vsock_register_mutex locking in\nvsock_assign_transport() around the transport-\u003erelease() call, that can\ncall vsock_linger(). vsock_assign_transport() can be called with sk_lock\nheld. vsock_linger() calls sk_wait_event() that temporarily releases and\nre-acquires sk_lock. During this window, if another thread hold\nvsock_register_mutex while trying to acquire sk_lock, a circular\ndependency is created.\n\nFix this by releasing vsock_register_mutex before calling\ntransport-\u003erelease() and vsock_deassign_transport(). This is safe\nbecause we don\u0027t need to hold vsock_register_mutex while releasing the\nold transport, and we ensure the new transport won\u0027t disappear by\nobtaining a module reference first via try_module_get().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40231",
"url": "https://www.suse.com/security/cve/CVE-2025-40231"
},
{
"category": "external",
"summary": "SUSE Bug 1254815 for CVE-2025-40231",
"url": "https://bugzilla.suse.com/1254815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40231"
},
{
"cve": "CVE-2025-40233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40233"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: clear extent cache after moving/defragmenting extents\n\nThe extent map cache can become stale when extents are moved or\ndefragmented, causing subsequent operations to see outdated extent flags. \nThis triggers a BUG_ON in ocfs2_refcount_cal_cow_clusters().\n\nThe problem occurs when:\n1. copy_file_range() creates a reflinked extent with OCFS2_EXT_REFCOUNTED\n2. ioctl(FITRIM) triggers ocfs2_move_extents()\n3. __ocfs2_move_extents_range() reads and caches the extent (flags=0x2)\n4. ocfs2_move_extent()/ocfs2_defrag_extent() calls __ocfs2_move_extent()\n which clears OCFS2_EXT_REFCOUNTED flag on disk (flags=0x0)\n5. The extent map cache is not invalidated after the move\n6. Later write() operations read stale cached flags (0x2) but disk has\n updated flags (0x0), causing a mismatch\n7. BUG_ON(!(rec-\u003ee_flags \u0026 OCFS2_EXT_REFCOUNTED)) triggers\n\nFix by clearing the extent map cache after each extent move/defrag\noperation in __ocfs2_move_extents_range(). This ensures subsequent\noperations read fresh extent data from disk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40233",
"url": "https://www.suse.com/security/cve/CVE-2025-40233"
},
{
"category": "external",
"summary": "SUSE Bug 1254813 for CVE-2025-40233",
"url": "https://bugzilla.suse.com/1254813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40233"
},
{
"cve": "CVE-2025-40240",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40240"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: avoid NULL dereference when chunk data buffer is missing\n\nchunk-\u003eskb pointer is dereferenced in the if-block where it\u0027s supposed\nto be NULL only.\n\nchunk-\u003eskb can only be NULL if chunk-\u003ehead_skb is not. Check for frag_list\ninstead and do it just before replacing chunk-\u003eskb. We\u0027re sure that\notherwise chunk-\u003eskb is non-NULL because of outer if() condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40240",
"url": "https://www.suse.com/security/cve/CVE-2025-40240"
},
{
"category": "external",
"summary": "SUSE Bug 1254869 for CVE-2025-40240",
"url": "https://bugzilla.suse.com/1254869"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40240"
},
{
"cve": "CVE-2025-40242",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40242"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix unlikely race in gdlm_put_lock\n\nIn gdlm_put_lock(), there is a small window of time in which the\nDFL_UNMOUNT flag has been set but the lockspace hasn\u0027t been released,\nyet. In that window, dlm may still call gdlm_ast() and gdlm_bast().\nTo prevent it from dereferencing freed glock objects, only free the\nglock if the lockspace has actually been released.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40242",
"url": "https://www.suse.com/security/cve/CVE-2025-40242"
},
{
"category": "external",
"summary": "SUSE Bug 1255075 for CVE-2025-40242",
"url": "https://bugzilla.suse.com/1255075"
},
{
"category": "external",
"summary": "SUSE Bug 1255076 for CVE-2025-40242",
"url": "https://bugzilla.suse.com/1255076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "important"
}
],
"title": "CVE-2025-40242"
},
{
"cve": "CVE-2025-40244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40244"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()\n\nThe syzbot reported issue in __hfsplus_ext_cache_extent():\n\n[ 70.194323][ T9350] BUG: KMSAN: uninit-value in __hfsplus_ext_cache_extent+0x7d0/0x990\n[ 70.195022][ T9350] __hfsplus_ext_cache_extent+0x7d0/0x990\n[ 70.195530][ T9350] hfsplus_file_extend+0x74f/0x1cf0\n[ 70.195998][ T9350] hfsplus_get_block+0xe16/0x17b0\n[ 70.196458][ T9350] __block_write_begin_int+0x962/0x2ce0\n[ 70.196959][ T9350] cont_write_begin+0x1000/0x1950\n[ 70.197416][ T9350] hfsplus_write_begin+0x85/0x130\n[ 70.197873][ T9350] generic_perform_write+0x3e8/0x1060\n[ 70.198374][ T9350] __generic_file_write_iter+0x215/0x460\n[ 70.198892][ T9350] generic_file_write_iter+0x109/0x5e0\n[ 70.199393][ T9350] vfs_write+0xb0f/0x14e0\n[ 70.199771][ T9350] ksys_write+0x23e/0x490\n[ 70.200149][ T9350] __x64_sys_write+0x97/0xf0\n[ 70.200570][ T9350] x64_sys_call+0x3015/0x3cf0\n[ 70.201065][ T9350] do_syscall_64+0xd9/0x1d0\n[ 70.201506][ T9350] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 70.202054][ T9350]\n[ 70.202279][ T9350] Uninit was created at:\n[ 70.202693][ T9350] __kmalloc_noprof+0x621/0xf80\n[ 70.203149][ T9350] hfsplus_find_init+0x8d/0x1d0\n[ 70.203602][ T9350] hfsplus_file_extend+0x6ca/0x1cf0\n[ 70.204087][ T9350] hfsplus_get_block+0xe16/0x17b0\n[ 70.204561][ T9350] __block_write_begin_int+0x962/0x2ce0\n[ 70.205074][ T9350] cont_write_begin+0x1000/0x1950\n[ 70.205547][ T9350] hfsplus_write_begin+0x85/0x130\n[ 70.206017][ T9350] generic_perform_write+0x3e8/0x1060\n[ 70.206519][ T9350] __generic_file_write_iter+0x215/0x460\n[ 70.207042][ T9350] generic_file_write_iter+0x109/0x5e0\n[ 70.207552][ T9350] vfs_write+0xb0f/0x14e0\n[ 70.207961][ T9350] ksys_write+0x23e/0x490\n[ 70.208375][ T9350] __x64_sys_write+0x97/0xf0\n[ 70.208810][ T9350] x64_sys_call+0x3015/0x3cf0\n[ 70.209255][ T9350] do_syscall_64+0xd9/0x1d0\n[ 70.209680][ T9350] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 70.210230][ T9350]\n[ 70.210454][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Not tainted 6.12.0-rc5 #5\n[ 70.211174][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 70.212115][ T9350] =====================================================\n[ 70.212734][ T9350] Disabling lock debugging due to kernel taint\n[ 70.213284][ T9350] Kernel panic - not syncing: kmsan.panic set ...\n[ 70.213858][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Tainted: G B 6.12.0-rc5 #5\n[ 70.214679][ T9350] Tainted: [B]=BAD_PAGE\n[ 70.215057][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 70.215999][ T9350] Call Trace:\n[ 70.216309][ T9350] \u003cTASK\u003e\n[ 70.216585][ T9350] dump_stack_lvl+0x1fd/0x2b0\n[ 70.217025][ T9350] dump_stack+0x1e/0x30\n[ 70.217421][ T9350] panic+0x502/0xca0\n[ 70.217803][ T9350] ? kmsan_get_metadata+0x13e/0x1c0\n\n[ 70.218294][ Message fromT sy9350] kmsan_report+0x296/slogd@syzkaller 0x2aat Aug 18 22:11:058 ...\n kernel\n:[ 70.213284][ T9350] Kernel panic - not syncing: kmsan.panic [ 70.220179][ T9350] ? kmsan_get_metadata+0x13e/0x1c0\nset ...\n[ 70.221254][ T9350] ? __msan_warning+0x96/0x120\n[ 70.222066][ T9350] ? __hfsplus_ext_cache_extent+0x7d0/0x990\n[ 70.223023][ T9350] ? hfsplus_file_extend+0x74f/0x1cf0\n[ 70.224120][ T9350] ? hfsplus_get_block+0xe16/0x17b0\n[ 70.224946][ T9350] ? __block_write_begin_int+0x962/0x2ce0\n[ 70.225756][ T9350] ? cont_write_begin+0x1000/0x1950\n[ 70.226337][ T9350] ? hfsplus_write_begin+0x85/0x130\n[ 70.226852][ T9350] ? generic_perform_write+0x3e8/0x1060\n[ 70.227405][ T9350] ? __generic_file_write_iter+0x215/0x460\n[ 70.227979][ T9350] ? generic_file_write_iter+0x109/0x5e0\n[ 70.228540][ T9350] ? vfs_write+0xb0f/0x14e0\n[ 70.228997][ T9350] ? ksys_write+0x23e/0x490\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40244",
"url": "https://www.suse.com/security/cve/CVE-2025-40244"
},
{
"category": "external",
"summary": "SUSE Bug 1255033 for CVE-2025-40244",
"url": "https://bugzilla.suse.com/1255033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40244"
},
{
"cve": "CVE-2025-40248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40248"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Ignore signal/timeout on connect() if already established\n\nDuring connect(), acting on a signal/timeout by disconnecting an already\nestablished socket leads to several issues:\n\n1. connect() invoking vsock_transport_cancel_pkt() -\u003e\n virtio_transport_purge_skbs() may race with sendmsg() invoking\n virtio_transport_get_credit(). This results in a permanently elevated\n `vvs-\u003ebytes_unsent`. Which, in turn, confuses the SOCK_LINGER handling.\n\n2. connect() resetting a connected socket\u0027s state may race with socket\n being placed in a sockmap. A disconnected socket remaining in a sockmap\n breaks sockmap\u0027s assumptions. And gives rise to WARNs.\n\n3. connect() transitioning SS_CONNECTED -\u003e SS_UNCONNECTED allows for a\n transport change/drop after TCP_ESTABLISHED. Which poses a problem for\n any simultaneous sendmsg() or connect() and may result in a\n use-after-free/null-ptr-deref.\n\nDo not disconnect socket on signal/timeout. Keep the logic for unconnected\nsockets: they don\u0027t linger, can\u0027t be placed in a sockmap, are rejected by\nsendmsg().\n\n[1]: https://lore.kernel.org/netdev/e07fd95c-9a38-4eea-9638-133e38c2ec9b@rbox.co/\n[2]: https://lore.kernel.org/netdev/20250317-vsock-trans-signal-race-v4-0-fc8837f3f1d4@rbox.co/\n[3]: https://lore.kernel.org/netdev/60f1b7db-3099-4f6a-875e-af9f6ef194f6@rbox.co/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40248",
"url": "https://www.suse.com/security/cve/CVE-2025-40248"
},
{
"category": "external",
"summary": "SUSE Bug 1254864 for CVE-2025-40248",
"url": "https://bugzilla.suse.com/1254864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40248"
},
{
"cve": "CVE-2025-40250",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40250"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Clean up only new IRQ glue on request_irq() failure\n\nThe mlx5_irq_alloc() function can inadvertently free the entire rmap\nand end up in a crash[1] when the other threads tries to access this,\nwhen request_irq() fails due to exhausted IRQ vectors. This commit\nmodifies the cleanup to remove only the specific IRQ mapping that was\njust added.\n\nThis prevents removal of other valid mappings and ensures precise\ncleanup of the failed IRQ allocation\u0027s associated glue object.\n\nNote: This error is observed when both fwctl and rds configs are enabled.\n\n[1]\nmlx5_core 0000:05:00.0: Successfully registered panic handler for port 1\nmlx5_core 0000:05:00.0: mlx5_irq_alloc:293:(pid 66740): Failed to\nrequest irq. err = -28\ninfiniband mlx5_0: mlx5_ib_test_wc:290:(pid 66740): Error -28 while\ntrying to test write-combining support\nmlx5_core 0000:05:00.0: Successfully unregistered panic handler for port 1\nmlx5_core 0000:06:00.0: Successfully registered panic handler for port 1\nmlx5_core 0000:06:00.0: mlx5_irq_alloc:293:(pid 66740): Failed to\nrequest irq. err = -28\ninfiniband mlx5_0: mlx5_ib_test_wc:290:(pid 66740): Error -28 while\ntrying to test write-combining support\nmlx5_core 0000:06:00.0: Successfully unregistered panic handler for port 1\nmlx5_core 0000:03:00.0: mlx5_irq_alloc:293:(pid 28895): Failed to\nrequest irq. err = -28\nmlx5_core 0000:05:00.0: mlx5_irq_alloc:293:(pid 28895): Failed to\nrequest irq. err = -28\ngeneral protection fault, probably for non-canonical address\n0xe277a58fde16f291: 0000 [#1] SMP NOPTI\n\nRIP: 0010:free_irq_cpu_rmap+0x23/0x7d\nCall Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? mlx5_irq_alloc.cold+0x5d/0xf3 [mlx5_core]\n ? __die_body.cold+0x8/0xa\n ? die_addr+0x39/0x53\n ? exc_general_protection+0x1c4/0x3e9\n ? dev_vprintk_emit+0x5f/0x90\n ? asm_exc_general_protection+0x22/0x27\n ? free_irq_cpu_rmap+0x23/0x7d\n mlx5_irq_alloc.cold+0x5d/0xf3 [mlx5_core]\n irq_pool_request_vector+0x7d/0x90 [mlx5_core]\n mlx5_irq_request+0x2e/0xe0 [mlx5_core]\n mlx5_irq_request_vector+0xad/0xf7 [mlx5_core]\n comp_irq_request_pci+0x64/0xf0 [mlx5_core]\n create_comp_eq+0x71/0x385 [mlx5_core]\n ? mlx5e_open_xdpsq+0x11c/0x230 [mlx5_core]\n mlx5_comp_eqn_get+0x72/0x90 [mlx5_core]\n ? xas_load+0x8/0x91\n mlx5_comp_irqn_get+0x40/0x90 [mlx5_core]\n mlx5e_open_channel+0x7d/0x3c7 [mlx5_core]\n mlx5e_open_channels+0xad/0x250 [mlx5_core]\n mlx5e_open_locked+0x3e/0x110 [mlx5_core]\n mlx5e_open+0x23/0x70 [mlx5_core]\n __dev_open+0xf1/0x1a5\n __dev_change_flags+0x1e1/0x249\n dev_change_flags+0x21/0x5c\n do_setlink+0x28b/0xcc4\n ? __nla_parse+0x22/0x3d\n ? inet6_validate_link_af+0x6b/0x108\n ? cpumask_next+0x1f/0x35\n ? __snmp6_fill_stats64.constprop.0+0x66/0x107\n ? __nla_validate_parse+0x48/0x1e6\n __rtnl_newlink+0x5ff/0xa57\n ? kmem_cache_alloc_trace+0x164/0x2ce\n rtnl_newlink+0x44/0x6e\n rtnetlink_rcv_msg+0x2bb/0x362\n ? __netlink_sendskb+0x4c/0x6c\n ? netlink_unicast+0x28f/0x2ce\n ? rtnl_calcit.isra.0+0x150/0x146\n netlink_rcv_skb+0x5f/0x112\n netlink_unicast+0x213/0x2ce\n netlink_sendmsg+0x24f/0x4d9\n __sock_sendmsg+0x65/0x6a\n ____sys_sendmsg+0x28f/0x2c9\n ? import_iovec+0x17/0x2b\n ___sys_sendmsg+0x97/0xe0\n __sys_sendmsg+0x81/0xd8\n do_syscall_64+0x35/0x87\n entry_SYSCALL_64_after_hwframe+0x6e/0x0\nRIP: 0033:0x7fc328603727\nCode: c3 66 90 41 54 41 89 d4 55 48 89 f5 53 89 fb 48 83 ec 10 e8 0b ed\nff ff 44 89 e2 48 89 ee 89 df 41 89 c0 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00\nf0 ff ff 77 35 44 89 c7 48 89 44 24 08 e8 44 ed ff ff 48\nRSP: 002b:00007ffe8eb3f1a0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007fc328603727\nRDX: 0000000000000000 RSI: 00007ffe8eb3f1f0 RDI: 000000000000000d\nRBP: 00007ffe8eb3f1f0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000\nR13: 00000000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40250",
"url": "https://www.suse.com/security/cve/CVE-2025-40250"
},
{
"category": "external",
"summary": "SUSE Bug 1254854 for CVE-2025-40250",
"url": "https://bugzilla.suse.com/1254854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40250"
},
{
"cve": "CVE-2025-40251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40251"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevlink: rate: Unset parent pointer in devl_rate_nodes_destroy\n\nThe function devl_rate_nodes_destroy is documented to \"Unset parent for\nall rate objects\". However, it was only calling the driver-specific\n`rate_leaf_parent_set` or `rate_node_parent_set` ops and decrementing\nthe parent\u0027s refcount, without actually setting the\n`devlink_rate-\u003eparent` pointer to NULL.\n\nThis leaves a dangling pointer in the `devlink_rate` struct, which cause\nrefcount error in netdevsim[1] and mlx5[2]. In addition, this is\ninconsistent with the behavior of `devlink_nl_rate_parent_node_set`,\nwhere the parent pointer is correctly cleared.\n\nThis patch fixes the issue by explicitly setting `devlink_rate-\u003eparent`\nto NULL after notifying the driver, thus fulfilling the function\u0027s\ndocumented behavior for all rate objects.\n\n[1]\nrepro steps:\necho 1 \u003e /sys/bus/netdevsim/new_device\ndevlink dev eswitch set netdevsim/netdevsim1 mode switchdev\necho 1 \u003e /sys/bus/netdevsim/devices/netdevsim1/sriov_numvfs\ndevlink port function rate add netdevsim/netdevsim1/test_node\ndevlink port function rate set netdevsim/netdevsim1/128 parent test_node\necho 1 \u003e /sys/bus/netdevsim/del_device\n\ndmesg:\nrefcount_t: decrement hit 0; leaking memory.\nWARNING: CPU: 8 PID: 1530 at lib/refcount.c:31 refcount_warn_saturate+0x42/0xe0\nCPU: 8 UID: 0 PID: 1530 Comm: bash Not tainted 6.18.0-rc4+ #1 NONE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:refcount_warn_saturate+0x42/0xe0\nCall Trace:\n \u003cTASK\u003e\n devl_rate_leaf_destroy+0x8d/0x90\n __nsim_dev_port_del+0x6c/0x70 [netdevsim]\n nsim_dev_reload_destroy+0x11c/0x140 [netdevsim]\n nsim_drv_remove+0x2b/0xb0 [netdevsim]\n device_release_driver_internal+0x194/0x1f0\n bus_remove_device+0xc6/0x130\n device_del+0x159/0x3c0\n device_unregister+0x1a/0x60\n del_device_store+0x111/0x170 [netdevsim]\n kernfs_fop_write_iter+0x12e/0x1e0\n vfs_write+0x215/0x3d0\n ksys_write+0x5f/0xd0\n do_syscall_64+0x55/0x10f0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[2]\ndevlink dev eswitch set pci/0000:08:00.0 mode switchdev\ndevlink port add pci/0000:08:00.0 flavour pcisf pfnum 0 sfnum 1000\ndevlink port function rate add pci/0000:08:00.0/group1\ndevlink port function rate set pci/0000:08:00.0/32768 parent group1\nmodprobe -r mlx5_ib mlx5_fwctl mlx5_core\n\ndmesg:\nrefcount_t: decrement hit 0; leaking memory.\nWARNING: CPU: 7 PID: 16151 at lib/refcount.c:31 refcount_warn_saturate+0x42/0xe0\nCPU: 7 UID: 0 PID: 16151 Comm: bash Not tainted 6.17.0-rc7_for_upstream_min_debug_2025_10_02_12_44 #1 NONE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:refcount_warn_saturate+0x42/0xe0\nCall Trace:\n \u003cTASK\u003e\n devl_rate_leaf_destroy+0x8d/0x90\n mlx5_esw_offloads_devlink_port_unregister+0x33/0x60 [mlx5_core]\n mlx5_esw_offloads_unload_rep+0x3f/0x50 [mlx5_core]\n mlx5_eswitch_unload_sf_vport+0x40/0x90 [mlx5_core]\n mlx5_sf_esw_event+0xc4/0x120 [mlx5_core]\n notifier_call_chain+0x33/0xa0\n blocking_notifier_call_chain+0x3b/0x50\n mlx5_eswitch_disable_locked+0x50/0x110 [mlx5_core]\n mlx5_eswitch_disable+0x63/0x90 [mlx5_core]\n mlx5_unload+0x1d/0x170 [mlx5_core]\n mlx5_uninit_one+0xa2/0x130 [mlx5_core]\n remove_one+0x78/0xd0 [mlx5_core]\n pci_device_remove+0x39/0xa0\n device_release_driver_internal+0x194/0x1f0\n unbind_store+0x99/0xa0\n kernfs_fop_write_iter+0x12e/0x1e0\n vfs_write+0x215/0x3d0\n ksys_write+0x5f/0xd0\n do_syscall_64+0x53/0x1f0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40251",
"url": "https://www.suse.com/security/cve/CVE-2025-40251"
},
{
"category": "external",
"summary": "SUSE Bug 1254856 for CVE-2025-40251",
"url": "https://bugzilla.suse.com/1254856"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40251"
},
{
"cve": "CVE-2025-40252",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40252"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end()\n\nThe loops in \u0027qede_tpa_cont()\u0027 and \u0027qede_tpa_end()\u0027, iterate\nover \u0027cqe-\u003elen_list[]\u0027 using only a zero-length terminator as\nthe stopping condition. If the terminator was missing or\nmalformed, the loop could run past the end of the fixed-size array.\n\nAdd an explicit bound check using ARRAY_SIZE() in both loops to prevent\na potential out-of-bounds access.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40252",
"url": "https://www.suse.com/security/cve/CVE-2025-40252"
},
{
"category": "external",
"summary": "SUSE Bug 1254849 for CVE-2025-40252",
"url": "https://bugzilla.suse.com/1254849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40252"
},
{
"cve": "CVE-2025-40256",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40256"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added\n\nIn commit b441cf3f8c4b (\"xfrm: delete x-\u003etunnel as we delete x\"), I\nmissed the case where state creation fails between full\ninitialization (-\u003einit_state has been called) and being inserted on\nthe lists.\n\nIn this situation, -\u003einit_state has been called, so for IPcomp\ntunnels, the fallback tunnel has been created and added onto the\nlists, but the user state never gets added, because we fail before\nthat. The user state doesn\u0027t go through __xfrm_state_delete, so we\ndon\u0027t call xfrm_state_delete_tunnel for those states, and we end up\nleaking the FB tunnel.\n\nThere are several codepaths affected by this: the add/update paths, in\nboth net/key and xfrm, and the migrate code (xfrm_migrate,\nxfrm_state_migrate). A \"proper\" rollback of the init_state work would\nprobably be doable in the add/update code, but for migrate it gets\nmore complicated as multiple states may be involved.\n\nAt some point, the new (not-inserted) state will be destroyed, so call\nxfrm_state_delete_tunnel during xfrm_state_gc_destroy. Most states\nwill have their fallback tunnel cleaned up during __xfrm_state_delete,\nwhich solves the issue that b441cf3f8c4b (and other patches before it)\naimed at. All states (including FB tunnels) will be removed from the\nlists once xfrm_state_fini has called flush_work(\u0026xfrm_state_gc_work).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40256",
"url": "https://www.suse.com/security/cve/CVE-2025-40256"
},
{
"category": "external",
"summary": "SUSE Bug 1254851 for CVE-2025-40256",
"url": "https://bugzilla.suse.com/1254851"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40256"
},
{
"cve": "CVE-2025-40258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race condition in mptcp_schedule_work()\n\nsyzbot reported use-after-free in mptcp_schedule_work() [1]\n\nIssue here is that mptcp_schedule_work() schedules a work,\nthen gets a refcount on sk-\u003esk_refcnt if the work was scheduled.\nThis refcount will be released by mptcp_worker().\n\n[A] if (schedule_work(...)) {\n[B] sock_hold(sk);\n return true;\n }\n\nProblem is that mptcp_worker() can run immediately and complete before [B]\n\nWe need instead :\n\n sock_hold(sk);\n if (schedule_work(...))\n return true;\n sock_put(sk);\n\n[1]\nrefcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25\nCall Trace:\n \u003cTASK\u003e\n __refcount_add include/linux/refcount.h:-1 [inline]\n __refcount_inc include/linux/refcount.h:366 [inline]\n refcount_inc include/linux/refcount.h:383 [inline]\n sock_hold include/net/sock.h:816 [inline]\n mptcp_schedule_work+0x164/0x1a0 net/mptcp/protocol.c:943\n mptcp_tout_timer+0x21/0xa0 net/mptcp/protocol.c:2316\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22f/0x710 kernel/softirq.c:622\n __do_softirq kernel/softirq.c:656 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1138\n smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40258",
"url": "https://www.suse.com/security/cve/CVE-2025-40258"
},
{
"category": "external",
"summary": "SUSE Bug 1254843 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1254843"
},
{
"category": "external",
"summary": "SUSE Bug 1255053 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1255053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "important"
}
],
"title": "CVE-2025-40258"
},
{
"cve": "CVE-2025-40262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40262"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: imx_sc_key - fix memory corruption on unload\n\nThis is supposed to be \"priv\" but we accidentally pass \"\u0026priv\" which is\nan address in the stack and so it will lead to memory corruption when\nthe imx_sc_key_action() function is called. Remove the \u0026.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40262",
"url": "https://www.suse.com/security/cve/CVE-2025-40262"
},
{
"category": "external",
"summary": "SUSE Bug 1254840 for CVE-2025-40262",
"url": "https://bugzilla.suse.com/1254840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40262"
},
{
"cve": "CVE-2025-40263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40263"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: cros_ec_keyb - fix an invalid memory access\n\nIf cros_ec_keyb_register_matrix() isn\u0027t called (due to\n`buttons_switches_only`) in cros_ec_keyb_probe(), `ckdev-\u003eidev` remains\nNULL. An invalid memory access is observed in cros_ec_keyb_process()\nwhen receiving an EC_MKBP_EVENT_KEY_MATRIX event in cros_ec_keyb_work()\nin such case.\n\n Unable to handle kernel read from unreadable memory at virtual address 0000000000000028\n ...\n x3 : 0000000000000000 x2 : 0000000000000000\n x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n input_event\n cros_ec_keyb_work\n blocking_notifier_call_chain\n ec_irq_thread\n\nIt\u0027s still unknown about why the kernel receives such malformed event,\nin any cases, the kernel shouldn\u0027t access `ckdev-\u003eidev` and friends if\nthe driver doesn\u0027t intend to initialize them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40263",
"url": "https://www.suse.com/security/cve/CVE-2025-40263"
},
{
"category": "external",
"summary": "SUSE Bug 1255077 for CVE-2025-40263",
"url": "https://bugzilla.suse.com/1255077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40263"
},
{
"cve": "CVE-2025-40268",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40268"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: client: fix memory leak in smb3_fs_context_parse_param\n\nThe user calls fsconfig twice, but when the program exits, free() only\nfrees ctx-\u003esource for the second fsconfig, not the first.\nRegarding fc-\u003esource, there is no code in the fs context related to its\nmemory reclamation.\n\nTo fix this memory leak, release the source memory corresponding to ctx\nor fc before each parsing.\n\nsyzbot reported:\nBUG: memory leak\nunreferenced object 0xffff888128afa360 (size 96):\n backtrace (crc 79c9c7ba):\n kstrdup+0x3c/0x80 mm/util.c:84\n smb3_fs_context_parse_param+0x229b/0x36c0 fs/smb/client/fs_context.c:1444\n\nBUG: memory leak\nunreferenced object 0xffff888112c7d900 (size 96):\n backtrace (crc 79c9c7ba):\n smb3_fs_context_fullpath+0x70/0x1b0 fs/smb/client/fs_context.c:629\n smb3_fs_context_parse_param+0x2266/0x36c0 fs/smb/client/fs_context.c:1438",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40268",
"url": "https://www.suse.com/security/cve/CVE-2025-40268"
},
{
"category": "external",
"summary": "SUSE Bug 1255082 for CVE-2025-40268",
"url": "https://bugzilla.suse.com/1255082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40268"
},
{
"cve": "CVE-2025-40269",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40269"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix potential overflow of PCM transfer buffer\n\nThe PCM stream data in USB-audio driver is transferred over USB URB\npacket buffers, and each packet size is determined dynamically. The\npacket sizes are limited by some factors such as wMaxPacketSize USB\ndescriptor. OTOH, in the current code, the actually used packet sizes\nare determined only by the rate and the PPS, which may be bigger than\nthe size limit above. This results in a buffer overflow, as reported\nby syzbot.\n\nBasically when the limit is smaller than the calculated packet size,\nit implies that something is wrong, most likely a weird USB\ndescriptor. So the best option would be just to return an error at\nthe parameter setup time before doing any further operations.\n\nThis patch introduces such a sanity check, and returns -EINVAL when\nthe packet size is greater than maxpacksize. The comparison with\nep-\u003epacksize[1] alone should suffice since it\u0027s always equal or\ngreater than ep-\u003epacksize[0].",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40269",
"url": "https://www.suse.com/security/cve/CVE-2025-40269"
},
{
"category": "external",
"summary": "SUSE Bug 1255035 for CVE-2025-40269",
"url": "https://bugzilla.suse.com/1255035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40269"
},
{
"cve": "CVE-2025-40271",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40271"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc: fix uaf in proc_readdir_de()\n\nPde is erased from subdir rbtree through rb_erase(), but not set the node\nto EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE()\nset the erased node to EMPTY, then pde_subdir_next() will return NULL to\navoid uaf access.\n\nWe found an uaf issue while using stress-ng testing, need to run testcase\ngetdent and tun in the same time. The steps of the issue is as follows:\n\n1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current\n pde is tun3;\n\n2) in the [time windows] unregister netdevice tun3 and tun2, and erase\n them from rbtree. erase tun3 first, and then erase tun2. the\n pde(tun2) will be released to slab;\n\n3) continue to getdent process, then pde_subdir_next() will return\n pde(tun2) which is released, it will case uaf access.\n\nCPU 0 | CPU 1\n-------------------------------------------------------------------------\ntraverse dir /proc/pid/net/dev_snmp6/ | unregister_netdevice(tun-\u003edev) //tun3 tun2\nsys_getdents64() |\n iterate_dir() |\n proc_readdir() |\n proc_readdir_de() | snmp6_unregister_dev()\n pde_get(de); | proc_remove()\n read_unlock(\u0026proc_subdir_lock); | remove_proc_subtree()\n | write_lock(\u0026proc_subdir_lock);\n [time window] | rb_erase(\u0026root-\u003esubdir_node, \u0026parent-\u003esubdir);\n | write_unlock(\u0026proc_subdir_lock);\n read_lock(\u0026proc_subdir_lock); |\n next = pde_subdir_next(de); |\n pde_put(de); |\n de = next; //UAF |\n\nrbtree of dev_snmp6\n |\n pde(tun3)\n / \\\n NULL pde(tun2)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40271",
"url": "https://www.suse.com/security/cve/CVE-2025-40271"
},
{
"category": "external",
"summary": "SUSE Bug 1255297 for CVE-2025-40271",
"url": "https://bugzilla.suse.com/1255297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40271"
},
{
"cve": "CVE-2025-40272",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40272"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/secretmem: fix use-after-free race in fault handler\n\nWhen a page fault occurs in a secret memory file created with\n`memfd_secret(2)`, the kernel will allocate a new folio for it, mark the\nunderlying page as not-present in the direct map, and add it to the file\nmapping.\n\nIf two tasks cause a fault in the same page concurrently, both could end\nup allocating a folio and removing the page from the direct map, but only\none would succeed in adding the folio to the file mapping. The task that\nfailed undoes the effects of its attempt by (a) freeing the folio again\nand (b) putting the page back into the direct map. However, by doing\nthese two operations in this order, the page becomes available to the\nallocator again before it is placed back in the direct mapping.\n\nIf another task attempts to allocate the page between (a) and (b), and the\nkernel tries to access it via the direct map, it would result in a\nsupervisor not-present page fault.\n\nFix the ordering to restore the direct map before the folio is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40272",
"url": "https://www.suse.com/security/cve/CVE-2025-40272"
},
{
"category": "external",
"summary": "SUSE Bug 1254832 for CVE-2025-40272",
"url": "https://bugzilla.suse.com/1254832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40272"
},
{
"cve": "CVE-2025-40273",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40273"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: free copynotify stateid in nfs4_free_ol_stateid()\n\nTypically copynotify stateid is freed either when parent\u0027s stateid\nis being close/freed or in nfsd4_laundromat if the stateid hasn\u0027t\nbeen used in a lease period.\n\nHowever, in case when the server got an OPEN (which created\na parent stateid), followed by a COPY_NOTIFY using that stateid,\nfollowed by a client reboot. New client instance while doing\nCREATE_SESSION would force expire previous state of this client.\nIt leads to the open state being freed thru release_openowner-\u003e\nnfs4_free_ol_stateid() and it finds that it still has copynotify\nstateid associated with it. We currently print a warning and is\ntriggerred\n\nWARNING: CPU: 1 PID: 8858 at fs/nfsd/nfs4state.c:1550 nfs4_free_ol_stateid+0xb0/0x100 [nfsd]\n\nThis patch, instead, frees the associated copynotify stateid here.\n\nIf the parent stateid is freed (without freeing the copynotify\nstateids associated with it), it leads to the list corruption\nwhen laundromat ends up freeing the copynotify state later.\n\n[ 1626.839430] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n[ 1626.842828] Modules linked in: nfnetlink_queue nfnetlink_log bluetooth cfg80211 rpcrdma rdma_cm iw_cm ib_cm ib_core nfsd nfs_acl lockd grace nfs_localio ext4 crc16 mbcache jbd2 overlay uinput snd_seq_dummy snd_hrtimer qrtr rfkill vfat fat uvcvideo snd_hda_codec_generic videobuf2_vmalloc videobuf2_memops snd_hda_intel uvc snd_intel_dspcfg videobuf2_v4l2 videobuf2_common snd_hda_codec snd_hda_core videodev snd_hwdep snd_seq mc snd_seq_device snd_pcm snd_timer snd soundcore sg loop auth_rpcgss vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vmw_vmci vsock xfs 8021q garp stp llc mrp nvme ghash_ce e1000e nvme_core sr_mod nvme_keyring nvme_auth cdrom vmwgfx drm_ttm_helper ttm sunrpc dm_mirror dm_region_hash dm_log iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi fuse dm_multipath dm_mod nfnetlink\n[ 1626.855594] CPU: 2 UID: 0 PID: 199 Comm: kworker/u24:33 Kdump: loaded Tainted: G B W 6.17.0-rc7+ #22 PREEMPT(voluntary)\n[ 1626.857075] Tainted: [B]=BAD_PAGE, [W]=WARN\n[ 1626.857573] Hardware name: VMware, Inc. VMware20,1/VBSA, BIOS VMW201.00V.24006586.BA64.2406042154 06/04/2024\n[ 1626.858724] Workqueue: nfsd4 laundromat_main [nfsd]\n[ 1626.859304] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 1626.860010] pc : __list_del_entry_valid_or_report+0x148/0x200\n[ 1626.860601] lr : __list_del_entry_valid_or_report+0x148/0x200\n[ 1626.861182] sp : ffff8000881d7a40\n[ 1626.861521] x29: ffff8000881d7a40 x28: 0000000000000018 x27: ffff0000c2a98200\n[ 1626.862260] x26: 0000000000000600 x25: 0000000000000000 x24: ffff8000881d7b20\n[ 1626.862986] x23: ffff0000c2a981e8 x22: 1fffe00012410e7d x21: ffff0000920873e8\n[ 1626.863701] x20: ffff0000920873e8 x19: ffff000086f22998 x18: 0000000000000000\n[ 1626.864421] x17: 20747562202c3839 x16: 3932326636383030 x15: 3030666666662065\n[ 1626.865092] x14: 6220646c756f6873 x13: 0000000000000001 x12: ffff60004fd9e4a3\n[ 1626.865713] x11: 1fffe0004fd9e4a2 x10: ffff60004fd9e4a2 x9 : dfff800000000000\n[ 1626.866320] x8 : 00009fffb0261b5e x7 : ffff00027ecf2513 x6 : 0000000000000001\n[ 1626.866938] x5 : ffff00027ecf2510 x4 : ffff60004fd9e4a3 x3 : 0000000000000000\n[ 1626.867553] x2 : 0000000000000000 x1 : ffff000096069640 x0 : 000000000000006d\n[ 1626.868167] Call trace:\n[ 1626.868382] __list_del_entry_valid_or_report+0x148/0x200 (P)\n[ 1626.868876] _free_cpntf_state_locked+0xd0/0x268 [nfsd]\n[ 1626.869368] nfs4_laundromat+0x6f8/0x1058 [nfsd]\n[ 1626.869813] laundromat_main+0x24/0x60 [nfsd]\n[ 1626.870231] process_one_work+0x584/0x1050\n[ 1626.870595] worker_thread+0x4c4/0xc60\n[ 1626.870893] kthread+0x2f8/0x398\n[ 1626.871146] ret_from_fork+0x10/0x20\n[ 1626.871422] Code: aa1303e1 aa1403e3 910e8000 97bc55d7 (d4210000)\n[ 1626.871892] SMP: stopping secondary CPUs",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40273",
"url": "https://www.suse.com/security/cve/CVE-2025-40273"
},
{
"category": "external",
"summary": "SUSE Bug 1254828 for CVE-2025-40273",
"url": "https://bugzilla.suse.com/1254828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40273"
},
{
"cve": "CVE-2025-40274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying\n\nWhen unbinding a memslot from a guest_memfd instance, remove the bindings\neven if the guest_memfd file is dying, i.e. even if its file refcount has\ngone to zero. If the memslot is freed before the file is fully released,\nnullifying the memslot side of the binding in kvm_gmem_release() will\nwrite to freed memory, as detected by syzbot+KASAN:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in kvm_gmem_release+0x176/0x440 virt/kvm/guest_memfd.c:353\n Write of size 8 at addr ffff88807befa508 by task syz.0.17/6022\n\n CPU: 0 UID: 0 PID: 6022 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n kvm_gmem_release+0x176/0x440 virt/kvm/guest_memfd.c:353\n __fput+0x44c/0xa70 fs/file_table.c:468\n task_work_run+0x1d4/0x260 kernel/task_work.c:227\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n exit_to_user_mode_loop+0xe9/0x130 kernel/entry/common.c:43\n exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]\n syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]\n syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]\n do_syscall_64+0x2bd/0xfa0 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7fbeeff8efc9\n \u003c/TASK\u003e\n\n Allocated by task 6023:\n kasan_save_stack mm/kasan/common.c:56 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:77\n poison_kmalloc_redzone mm/kasan/common.c:397 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:414\n kasan_kmalloc include/linux/kasan.h:262 [inline]\n __kmalloc_cache_noprof+0x3e2/0x700 mm/slub.c:5758\n kmalloc_noprof include/linux/slab.h:957 [inline]\n kzalloc_noprof include/linux/slab.h:1094 [inline]\n kvm_set_memory_region+0x747/0xb90 virt/kvm/kvm_main.c:2104\n kvm_vm_ioctl_set_memory_region+0x6f/0xd0 virt/kvm/kvm_main.c:2154\n kvm_vm_ioctl+0x957/0xc60 virt/kvm/kvm_main.c:5201\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:597 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 6023:\n kasan_save_stack mm/kasan/common.c:56 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:77\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:584\n poison_slab_object mm/kasan/common.c:252 [inline]\n __kasan_slab_free+0x5c/0x80 mm/kasan/common.c:284\n kasan_slab_free include/linux/kasan.h:234 [inline]\n slab_free_hook mm/slub.c:2533 [inline]\n slab_free mm/slub.c:6622 [inline]\n kfree+0x19a/0x6d0 mm/slub.c:6829\n kvm_set_memory_region+0x9c4/0xb90 virt/kvm/kvm_main.c:2130\n kvm_vm_ioctl_set_memory_region+0x6f/0xd0 virt/kvm/kvm_main.c:2154\n kvm_vm_ioctl+0x957/0xc60 virt/kvm/kvm_main.c:5201\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:597 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nDeliberately don\u0027t acquire filemap invalid lock when the file is dying as\nthe lifecycle of f_mapping is outside the purview of KVM. Dereferencing\nthe mapping is *probably* fine, but there\u0027s no need to invalidate anything\nas memslot deletion is responsible for zapping SPTEs, and the only code\nthat can access the dying file is kvm_gmem_release(), whose core code is\nmutual\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40274",
"url": "https://www.suse.com/security/cve/CVE-2025-40274"
},
{
"category": "external",
"summary": "SUSE Bug 1254830 for CVE-2025-40274",
"url": "https://bugzilla.suse.com/1254830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40274"
},
{
"cve": "CVE-2025-40275",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40275"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd\n\nIn snd_usb_create_streams(), for UAC version 3 devices, the Interface\nAssociation Descriptor (IAD) is retrieved via usb_ifnum_to_if(). If this\ncall fails, a fallback routine attempts to obtain the IAD from the next\ninterface and sets a BADD profile. However, snd_usb_mixer_controls_badd()\nassumes that the IAD retrieved from usb_ifnum_to_if() is always valid,\nwithout performing a NULL check. This can lead to a NULL pointer\ndereference when usb_ifnum_to_if() fails to find the interface descriptor.\n\nThis patch adds a NULL pointer check after calling usb_ifnum_to_if() in\nsnd_usb_mixer_controls_badd() to prevent the dereference.\n\nThis issue was discovered by syzkaller, which triggered the bug by sending\na crafted USB device descriptor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40275",
"url": "https://www.suse.com/security/cve/CVE-2025-40275"
},
{
"category": "external",
"summary": "SUSE Bug 1254829 for CVE-2025-40275",
"url": "https://bugzilla.suse.com/1254829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40275"
},
{
"cve": "CVE-2025-40276",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40276"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panthor: Flush shmem writes before mapping buffers CPU-uncached\n\nThe shmem layer zeroes out the new pages using cached mappings, and if\nwe don\u0027t CPU-flush we might leave dirty cachelines behind, leading to\npotential data leaks and/or asynchronous buffer corruption when dirty\ncachelines are evicted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40276",
"url": "https://www.suse.com/security/cve/CVE-2025-40276"
},
{
"category": "external",
"summary": "SUSE Bug 1254824 for CVE-2025-40276",
"url": "https://bugzilla.suse.com/1254824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40276"
},
{
"cve": "CVE-2025-40277",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40277"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE\n\nThis data originates from userspace and is used in buffer offset\ncalculations which could potentially overflow causing an out-of-bounds\naccess.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40277",
"url": "https://www.suse.com/security/cve/CVE-2025-40277"
},
{
"category": "external",
"summary": "SUSE Bug 1254894 for CVE-2025-40277",
"url": "https://bugzilla.suse.com/1254894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40277"
},
{
"cve": "CVE-2025-40278",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40278"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak\n\nFix a KMSAN kernel-infoleak detected by the syzbot .\n\n[net?] KMSAN: kernel-infoleak in __skb_datagram_iter\n\nIn tcf_ife_dump(), the variable \u0027opt\u0027 was partially initialized using a\ndesignatied initializer. While the padding bytes are reamined\nuninitialized. nla_put() copies the entire structure into a\nnetlink message, these uninitialized bytes leaked to userspace.\n\nInitialize the structure with memset before assigning its fields\nto ensure all members and padding are cleared prior to beign copied.\n\nThis change silences the KMSAN report and prevents potential information\nleaks from the kernel memory.\n\nThis fix has been tested and validated by syzbot. This patch closes the\nbug reported at the following syzkaller link and ensures no infoleak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40278",
"url": "https://www.suse.com/security/cve/CVE-2025-40278"
},
{
"category": "external",
"summary": "SUSE Bug 1254825 for CVE-2025-40278",
"url": "https://bugzilla.suse.com/1254825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40278"
},
{
"cve": "CVE-2025-40279",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40279"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: act_connmark: initialize struct tc_ife to fix kernel leak\n\nIn tcf_connmark_dump(), the variable \u0027opt\u0027 was partially initialized using a\ndesignatied initializer. While the padding bytes are reamined\nuninitialized. nla_put() copies the entire structure into a\nnetlink message, these uninitialized bytes leaked to userspace.\n\nInitialize the structure with memset before assigning its fields\nto ensure all members and padding are cleared prior to beign copied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40279",
"url": "https://www.suse.com/security/cve/CVE-2025-40279"
},
{
"category": "external",
"summary": "SUSE Bug 1254846 for CVE-2025-40279",
"url": "https://bugzilla.suse.com/1254846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40279"
},
{
"cve": "CVE-2025-40280",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40280"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Fix use-after-free in tipc_mon_reinit_self().\n\nsyzbot reported use-after-free of tipc_net(net)-\u003emonitors[]\nin tipc_mon_reinit_self(). [0]\n\nThe array is protected by RTNL, but tipc_mon_reinit_self()\niterates over it without RTNL.\n\ntipc_mon_reinit_self() is called from tipc_net_finalize(),\nwhich is always under RTNL except for tipc_net_finalize_work().\n\nLet\u0027s hold RTNL in tipc_net_finalize_work().\n\n[0]:\nBUG: KASAN: slab-use-after-free in __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\nBUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162\nRead of size 1 at addr ffff88805eae1030 by task kworker/0:7/5989\n\nCPU: 0 UID: 0 PID: 5989 Comm: kworker/0:7 Not tainted syzkaller #0 PREEMPT_{RT,(full)}\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\nWorkqueue: events tipc_net_finalize_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n __kasan_check_byte+0x2a/0x40 mm/kasan/common.c:568\n kasan_check_byte include/linux/kasan.h:399 [inline]\n lock_acquire+0x8d/0x360 kernel/locking/lockdep.c:5842\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162\n rtlock_slowlock kernel/locking/rtmutex.c:1894 [inline]\n rwbase_rtmutex_lock_state kernel/locking/spinlock_rt.c:160 [inline]\n rwbase_write_lock+0xd3/0x7e0 kernel/locking/rwbase_rt.c:244\n rt_write_lock+0x76/0x110 kernel/locking/spinlock_rt.c:243\n write_lock_bh include/linux/rwlock_rt.h:99 [inline]\n tipc_mon_reinit_self+0x79/0x430 net/tipc/monitor.c:718\n tipc_net_finalize+0x115/0x190 net/tipc/net.c:140\n process_one_work kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400\n kthread+0x70e/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 6089:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:388 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:405\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x1a8/0x320 mm/slub.c:4407\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n tipc_mon_create+0xc3/0x4d0 net/tipc/monitor.c:657\n tipc_enable_bearer net/tipc/bearer.c:357 [inline]\n __tipc_nl_bearer_enable+0xe16/0x13f0 net/tipc/bearer.c:1047\n __tipc_nl_compat_doit net/tipc/netlink_compat.c:371 [inline]\n tipc_nl_compat_doit+0x3bc/0x5f0 net/tipc/netlink_compat.c:393\n tipc_nl_compat_handle net/tipc/netlink_compat.c:-1 [inline]\n tipc_nl_compat_recv+0x83c/0xbe0 net/tipc/netlink_compat.c:1321\n genl_family_rcv_msg_doit+0x215/0x300 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x208/0x470 net/netlink/af_netlink.c:2552\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]\n netlink_unicast+0x846/0xa10 net/netlink/af_netlink.c:1346\n netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x21c/0x270 net/socket.c:729\n ____sys_sendmsg+0x508/0x820 net/socket.c:2614\n ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668\n __sys_sendmsg net/socket.c:2700 [inline]\n __do_sys_sendmsg net/socket.c:2705 [inline]\n __se_sys_sendmsg net/socket.c:2703 [inline]\n __x64_sys_sendmsg+0x1a1/0x260 net/socket.c:2703\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40280",
"url": "https://www.suse.com/security/cve/CVE-2025-40280"
},
{
"category": "external",
"summary": "SUSE Bug 1254847 for CVE-2025-40280",
"url": "https://bugzilla.suse.com/1254847"
},
{
"category": "external",
"summary": "SUSE Bug 1254951 for CVE-2025-40280",
"url": "https://bugzilla.suse.com/1254951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "important"
}
],
"title": "CVE-2025-40280"
},
{
"cve": "CVE-2025-40282",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40282"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: 6lowpan: reset link-local header on ipv6 recv path\n\nBluetooth 6lowpan.c netdev has header_ops, so it must set link-local\nheader for RX skb, otherwise things crash, eg. with AF_PACKET SOCK_RAW\n\nAdd missing skb_reset_mac_header() for uncompressed ipv6 RX path.\n\nFor the compressed one, it is done in lowpan_header_decompress().\n\nLog: (BlueZ 6lowpan-tester Client Recv Raw - Success)\n------\nkernel BUG at net/core/skbuff.c:212!\nCall Trace:\n\u003cIRQ\u003e\n...\npacket_rcv (net/packet/af_packet.c:2152)\n...\n\u003cTASK\u003e\n__local_bh_enable_ip (kernel/softirq.c:407)\nnetif_rx (net/core/dev.c:5648)\nchan_recv_cb (net/bluetooth/6lowpan.c:294 net/bluetooth/6lowpan.c:359)\n------",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40282",
"url": "https://www.suse.com/security/cve/CVE-2025-40282"
},
{
"category": "external",
"summary": "SUSE Bug 1254850 for CVE-2025-40282",
"url": "https://bugzilla.suse.com/1254850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40282"
},
{
"cve": "CVE-2025-40283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40283"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF\n\nThere is a KASAN: slab-use-after-free read in btusb_disconnect().\nCalling \"usb_driver_release_interface(\u0026btusb_driver, data-\u003eintf)\" will\nfree the btusb data associated with the interface. The same data is\nthen used later in the function, hence the UAF.\n\nFix by moving the accesses to btusb data to before the data is free\u0027d.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40283",
"url": "https://www.suse.com/security/cve/CVE-2025-40283"
},
{
"category": "external",
"summary": "SUSE Bug 1254858 for CVE-2025-40283",
"url": "https://bugzilla.suse.com/1254858"
},
{
"category": "external",
"summary": "SUSE Bug 1254859 for CVE-2025-40283",
"url": "https://bugzilla.suse.com/1254859"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40283"
},
{
"cve": "CVE-2025-40284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: cancel mesh send timer when hdev removed\n\nmesh_send_done timer is not canceled when hdev is removed, which causes\ncrash if the timer triggers after hdev is gone.\n\nCancel the timer when MGMT removes the hdev, like other MGMT timers.\n\nShould fix the BUG: sporadically seen by BlueZ test bot\n(in \"Mesh - Send cancel - 1\" test).\n\nLog:\n------\nBUG: KASAN: slab-use-after-free in run_timer_softirq+0x76b/0x7d0\n...\nFreed by task 36:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x43/0x70\n kfree+0x103/0x500\n device_release+0x9a/0x210\n kobject_put+0x100/0x1e0\n vhci_release+0x18b/0x240\n------",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40284",
"url": "https://www.suse.com/security/cve/CVE-2025-40284"
},
{
"category": "external",
"summary": "SUSE Bug 1254860 for CVE-2025-40284",
"url": "https://bugzilla.suse.com/1254860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "important"
}
],
"title": "CVE-2025-40284"
},
{
"cve": "CVE-2025-40287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40287"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix improper check of dentry.stream.valid_size\n\nWe found an infinite loop bug in the exFAT file system that can lead to a\nDenial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is\nmalformed, the following system calls - SYS_openat, SYS_ftruncate, and\nSYS_pwrite64 - can cause the kernel to hang.\n\nRoot cause analysis shows that the size validation code in exfat_find()\ndoes not check whether dentry.stream.valid_size is negative. As a result,\nthe system calls mentioned above can succeed and eventually trigger the DoS\nissue.\n\nThis patch adds a check for negative dentry.stream.valid_size to prevent\nthis vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40287",
"url": "https://www.suse.com/security/cve/CVE-2025-40287"
},
{
"category": "external",
"summary": "SUSE Bug 1255030 for CVE-2025-40287",
"url": "https://bugzilla.suse.com/1255030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40287"
},
{
"cve": "CVE-2025-40288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40288"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices\n\nPreviously, APU platforms (and other scenarios with uninitialized VRAM managers)\ntriggered a NULL pointer dereference in `ttm_resource_manager_usage()`. The root\ncause is not that the `struct ttm_resource_manager *man` pointer itself is NULL,\nbut that `man-\u003ebdev` (the backing device pointer within the manager) remains\nuninitialized (NULL) on APUs-since APUs lack dedicated VRAM and do not fully\nset up VRAM manager structures. When `ttm_resource_manager_usage()` attempts to\nacquire `man-\u003ebdev-\u003elru_lock`, it dereferences the NULL `man-\u003ebdev`, leading to\na kernel OOPS.\n\n1. **amdgpu_cs.c**: Extend the existing bandwidth control check in\n `amdgpu_cs_get_threshold_for_moves()` to include a check for\n `ttm_resource_manager_used()`. If the manager is not used (uninitialized\n `bdev`), return 0 for migration thresholds immediately-skipping VRAM-specific\n logic that would trigger the NULL dereference.\n\n2. **amdgpu_kms.c**: Update the `AMDGPU_INFO_VRAM_USAGE` ioctl and memory info\n reporting to use a conditional: if the manager is used, return the real VRAM\n usage; otherwise, return 0. This avoids accessing `man-\u003ebdev` when it is\n NULL.\n\n3. **amdgpu_virt.c**: Modify the vf2pf (virtual function to physical function)\n data write path. Use `ttm_resource_manager_used()` to check validity: if the\n manager is usable, calculate `fb_usage` from VRAM usage; otherwise, set\n `fb_usage` to 0 (APUs have no discrete framebuffer to report).\n\nThis approach is more robust than APU-specific checks because it:\n- Works for all scenarios where the VRAM manager is uninitialized (not just APUs),\n- Aligns with TTM\u0027s design by using its native helper function,\n- Preserves correct behavior for discrete GPUs (which have fully initialized\n `man-\u003ebdev` and pass the `ttm_resource_manager_used()` check).\n\nv4: use ttm_resource_manager_used(\u0026adev-\u003emman.vram_mgr.manager) instead of checking the adev-\u003egmc.is_app_apu flag (Christian)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40288",
"url": "https://www.suse.com/security/cve/CVE-2025-40288"
},
{
"category": "external",
"summary": "SUSE Bug 1255057 for CVE-2025-40288",
"url": "https://bugzilla.suse.com/1255057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40288"
},
{
"cve": "CVE-2025-40289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40289"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM\n\nOtherwise accessing them can cause a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40289",
"url": "https://www.suse.com/security/cve/CVE-2025-40289"
},
{
"category": "external",
"summary": "SUSE Bug 1255042 for CVE-2025-40289",
"url": "https://bugzilla.suse.com/1255042"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40289"
},
{
"cve": "CVE-2025-40292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: fix received length check in big packets\n\nSince commit 4959aebba8c0 (\"virtio-net: use mtu size as buffer length\nfor big packets\"), when guest gso is off, the allocated size for big\npackets is not MAX_SKB_FRAGS * PAGE_SIZE anymore but depends on\nnegotiated MTU. The number of allocated frags for big packets is stored\nin vi-\u003ebig_packets_num_skbfrags.\n\nBecause the host announced buffer length can be malicious (e.g. the host\nvhost_net driver\u0027s get_rx_bufs is modified to announce incorrect\nlength), we need a check in virtio_net receive path. Currently, the\ncheck is not adapted to the new change which can lead to NULL page\npointer dereference in the below while loop when receiving length that\nis larger than the allocated one.\n\nThis commit fixes the received length check corresponding to the new\nchange.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40292",
"url": "https://www.suse.com/security/cve/CVE-2025-40292"
},
{
"category": "external",
"summary": "SUSE Bug 1255175 for CVE-2025-40292",
"url": "https://bugzilla.suse.com/1255175"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40292"
},
{
"cve": "CVE-2025-40293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40293"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Don\u0027t overflow during division for dirty tracking\n\nIf pgshift is 63 then BITS_PER_TYPE(*bitmap-\u003ebitmap) * pgsize will overflow\nto 0 and this triggers divide by 0.\n\nIn this case the index should just be 0, so reorganize things to divide\nby shift and avoid hitting any overflows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40293",
"url": "https://www.suse.com/security/cve/CVE-2025-40293"
},
{
"category": "external",
"summary": "SUSE Bug 1255179 for CVE-2025-40293",
"url": "https://bugzilla.suse.com/1255179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40293"
},
{
"cve": "CVE-2025-40294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40294"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern()\n\nIn the parse_adv_monitor_pattern() function, the value of\nthe \u0027length\u0027 variable is currently limited to HCI_MAX_EXT_AD_LENGTH(251).\nThe size of the \u0027value\u0027 array in the mgmt_adv_pattern structure is 31.\nIf the value of \u0027pattern[i].length\u0027 is set in the user space\nand exceeds 31, the \u0027patterns[i].value\u0027 array can be accessed\nout of bound when copied.\n\nIncreasing the size of the \u0027value\u0027 array in\nthe \u0027mgmt_adv_pattern\u0027 structure will break the userspace.\nConsidering this, and to avoid OOB access revert the limits for \u0027offset\u0027\nand \u0027length\u0027 back to the value of HCI_MAX_AD_LENGTH.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40294",
"url": "https://www.suse.com/security/cve/CVE-2025-40294"
},
{
"category": "external",
"summary": "SUSE Bug 1255181 for CVE-2025-40294",
"url": "https://bugzilla.suse.com/1255181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40294"
},
{
"cve": "CVE-2025-40297",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40297"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix use-after-free due to MST port state bypass\n\nsyzbot reported[1] a use-after-free when deleting an expired fdb. It is\ndue to a race condition between learning still happening and a port being\ndeleted, after all its fdbs have been flushed. The port\u0027s state has been\ntoggled to disabled so no learning should happen at that time, but if we\nhave MST enabled, it will bypass the port\u0027s state, that together with VLAN\nfiltering disabled can lead to fdb learning at a time when it shouldn\u0027t\nhappen while the port is being deleted. VLAN filtering must be disabled\nbecause we flush the port VLANs when it\u0027s being deleted which will stop\nlearning. This fix adds a check for the port\u0027s vlan group which is\ninitialized to NULL when the port is getting deleted, that avoids the port\nstate bypass. When MST is enabled there would be a minimal new overhead\nin the fast-path because the port\u0027s vlan group pointer is cache-hot.\n\n[1] https://syzkaller.appspot.com/bug?extid=dd280197f0f7ab3917be",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40297",
"url": "https://www.suse.com/security/cve/CVE-2025-40297"
},
{
"category": "external",
"summary": "SUSE Bug 1255187 for CVE-2025-40297",
"url": "https://bugzilla.suse.com/1255187"
},
{
"category": "external",
"summary": "SUSE Bug 1255895 for CVE-2025-40297",
"url": "https://bugzilla.suse.com/1255895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "important"
}
],
"title": "CVE-2025-40297"
},
{
"cve": "CVE-2025-40301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40301"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: validate skb length for unknown CC opcode\n\nIn hci_cmd_complete_evt(), if the command complete event has an unknown\nopcode, we assume the first byte of the remaining skb-\u003edata contains the\nreturn status. However, parameter data has previously been pulled in\nhci_event_func(), which may leave the skb empty. If so, using skb-\u003edata[0]\nfor the return status uses un-init memory.\n\nThe fix is to check skb-\u003elen before using skb-\u003edata.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40301",
"url": "https://www.suse.com/security/cve/CVE-2025-40301"
},
{
"category": "external",
"summary": "SUSE Bug 1255193 for CVE-2025-40301",
"url": "https://bugzilla.suse.com/1255193"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40301"
},
{
"cve": "CVE-2025-40302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: videobuf2: forbid remove_bufs when legacy fileio is active\n\nvb2_ioctl_remove_bufs() call manipulates queue internal buffer list,\npotentially overwriting some pointers used by the legacy fileio access\nmode. Forbid that ioctl when fileio is active to protect internal queue\nstate between subsequent read/write calls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40302",
"url": "https://www.suse.com/security/cve/CVE-2025-40302"
},
{
"category": "external",
"summary": "SUSE Bug 1255196 for CVE-2025-40302",
"url": "https://bugzilla.suse.com/1255196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40302"
},
{
"cve": "CVE-2025-40304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds\n\nAdd bounds checking to prevent writes past framebuffer boundaries when\nrendering text near screen edges. Return early if the Y position is off-screen\nand clip image height to screen boundary. Break from the rendering loop if the\nX position is off-screen. When clipping image width to fit the screen, update\nthe character count to match the clipped width to prevent buffer size\nmismatches.\n\nWithout the character count update, bit_putcs_aligned and bit_putcs_unaligned\nreceive mismatched parameters where the buffer is allocated for the clipped\nwidth but cnt reflects the original larger count, causing out-of-bounds writes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40304",
"url": "https://www.suse.com/security/cve/CVE-2025-40304"
},
{
"category": "external",
"summary": "SUSE Bug 1255034 for CVE-2025-40304",
"url": "https://bugzilla.suse.com/1255034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40304"
},
{
"cve": "CVE-2025-40306",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40306"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: fix xattr related buffer overflow...\n\nWilly Tarreau \u003cw@1wt.eu\u003e forwarded me a message from\nDisclosure \u003cdisclosure@aisle.com\u003e with the following\nwarning:\n\n\u003e The helper `xattr_key()` uses the pointer variable in the loop condition\n\u003e rather than dereferencing it. As `key` is incremented, it remains non-NULL\n\u003e (until it runs into unmapped memory), so the loop does not terminate on\n\u003e valid C strings and will walk memory indefinitely, consuming CPU or hanging\n\u003e the thread.\n\nI easily reproduced this with setfattr and getfattr, causing a kernel\noops, hung user processes and corrupted orangefs files. Disclosure\nsent along a diff (not a patch) with a suggested fix, which I based\nthis patch on.\n\nAfter xattr_key started working right, xfstest generic/069 exposed an\nxattr related memory leak that lead to OOM. xattr_key returns\na hashed key. When adding xattrs to the orangefs xattr cache, orangefs\nused hash_add, a kernel hashing macro. hash_add also hashes the key using\nhash_log which resulted in additions to the xattr cache going to the wrong\nhash bucket. generic/069 tortures a single file and orangefs does a\ngetattr for the xattr \"security.capability\" every time. Orangefs\nnegative caches on xattrs which includes a kmalloc. Since adds to the\nxattr cache were going to the wrong bucket, every getattr for\n\"security.capability\" resulted in another kmalloc, none of which were\never freed.\n\nI changed the two uses of hash_add to hlist_add_head instead\nand the memory leak ceased and generic/069 quit throwing furniture.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40306",
"url": "https://www.suse.com/security/cve/CVE-2025-40306"
},
{
"category": "external",
"summary": "SUSE Bug 1255062 for CVE-2025-40306",
"url": "https://bugzilla.suse.com/1255062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40306"
},
{
"cve": "CVE-2025-40307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40307"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: validate cluster allocation bits of the allocation bitmap\n\nsyzbot created an exfat image with cluster bits not set for the allocation\nbitmap. exfat-fs reads and uses the allocation bitmap without checking\nthis. The problem is that if the start cluster of the allocation bitmap\nis 6, cluster 6 can be allocated when creating a directory with mkdir.\nexfat zeros out this cluster in exfat_mkdir, which can delete existing\nentries. This can reallocate the allocated entries. In addition,\nthe allocation bitmap is also zeroed out, so cluster 6 can be reallocated.\nThis patch adds exfat_test_bitmap_range to validate that clusters used for\nthe allocation bitmap are correctly marked as in-use.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40307",
"url": "https://www.suse.com/security/cve/CVE-2025-40307"
},
{
"category": "external",
"summary": "SUSE Bug 1255039 for CVE-2025-40307",
"url": "https://bugzilla.suse.com/1255039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40307"
},
{
"cve": "CVE-2025-40308",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40308"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: bcsp: receive data only if registered\n\nCurrently, bcsp_recv() can be called even when the BCSP protocol has not\nbeen registered. This leads to a NULL pointer dereference, as shown in\nthe following stack trace:\n\n KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f]\n RIP: 0010:bcsp_recv+0x13d/0x1740 drivers/bluetooth/hci_bcsp.c:590\n Call Trace:\n \u003cTASK\u003e\n hci_uart_tty_receive+0x194/0x220 drivers/bluetooth/hci_ldisc.c:627\n tiocsti+0x23c/0x2c0 drivers/tty/tty_io.c:2290\n tty_ioctl+0x626/0xde0 drivers/tty/tty_io.c:2706\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nTo prevent this, ensure that the HCI_UART_REGISTERED flag is set before\nprocessing received data. If the protocol is not registered, return\n-EUNATCH.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40308",
"url": "https://www.suse.com/security/cve/CVE-2025-40308"
},
{
"category": "external",
"summary": "SUSE Bug 1255064 for CVE-2025-40308",
"url": "https://bugzilla.suse.com/1255064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40308"
},
{
"cve": "CVE-2025-40309",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40309"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SCO: Fix UAF on sco_conn_free\n\nBUG: KASAN: slab-use-after-free in sco_conn_free net/bluetooth/sco.c:87 [inline]\nBUG: KASAN: slab-use-after-free in kref_put include/linux/kref.h:65 [inline]\nBUG: KASAN: slab-use-after-free in sco_conn_put+0xdd/0x410\nnet/bluetooth/sco.c:107\nWrite of size 8 at addr ffff88811cb96b50 by task kworker/u17:4/352\n\nCPU: 1 UID: 0 PID: 352 Comm: kworker/u17:4 Not tainted\n6.17.0-rc5-g717368f83676 #4 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: hci13 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x10b/0x170 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x191/0x550 mm/kasan/report.c:482\n kasan_report+0xc4/0x100 mm/kasan/report.c:595\n sco_conn_free net/bluetooth/sco.c:87 [inline]\n kref_put include/linux/kref.h:65 [inline]\n sco_conn_put+0xdd/0x410 net/bluetooth/sco.c:107\n sco_connect_cfm+0xb4/0xae0 net/bluetooth/sco.c:1441\n hci_connect_cfm include/net/bluetooth/hci_core.h:2082 [inline]\n hci_conn_failed+0x20a/0x2e0 net/bluetooth/hci_conn.c:1313\n hci_conn_unlink+0x55f/0x810 net/bluetooth/hci_conn.c:1121\n hci_conn_del+0xb6/0x1110 net/bluetooth/hci_conn.c:1147\n hci_abort_conn_sync+0x8c5/0xbb0 net/bluetooth/hci_sync.c:5689\n hci_cmd_sync_work+0x281/0x380 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0x77e/0x1040 kernel/workqueue.c:3319\n worker_thread+0xbee/0x1200 kernel/workqueue.c:3400\n kthread+0x3c7/0x870 kernel/kthread.c:463\n ret_from_fork+0x13a/0x1e0 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 31370:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x70 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:388 [inline]\n __kasan_kmalloc+0x82/0x90 mm/kasan/common.c:405\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4382 [inline]\n __kmalloc_noprof+0x22f/0x390 mm/slub.c:4394\n kmalloc_noprof include/linux/slab.h:909 [inline]\n sk_prot_alloc+0xae/0x220 net/core/sock.c:2239\n sk_alloc+0x34/0x5a0 net/core/sock.c:2295\n bt_sock_alloc+0x3c/0x330 net/bluetooth/af_bluetooth.c:151\n sco_sock_alloc net/bluetooth/sco.c:562 [inline]\n sco_sock_create+0xc0/0x350 net/bluetooth/sco.c:593\n bt_sock_create+0x161/0x3b0 net/bluetooth/af_bluetooth.c:135\n __sock_create+0x3ad/0x780 net/socket.c:1589\n sock_create net/socket.c:1647 [inline]\n __sys_socket_create net/socket.c:1684 [inline]\n __sys_socket+0xd5/0x330 net/socket.c:1731\n __do_sys_socket net/socket.c:1745 [inline]\n __se_sys_socket net/socket.c:1743 [inline]\n __x64_sys_socket+0x7a/0x90 net/socket.c:1743\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xc7/0x240 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 31374:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x70 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:243 [inline]\n __kasan_slab_free+0x3d/0x50 mm/kasan/common.c:275\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2428 [inline]\n slab_free mm/slub.c:4701 [inline]\n kfree+0x199/0x3b0 mm/slub.c:4900\n sk_prot_free net/core/sock.c:2278 [inline]\n __sk_destruct+0x4aa/0x630 net/core/sock.c:2373\n sco_sock_release+0x2ad/0x300 net/bluetooth/sco.c:1333\n __sock_release net/socket.c:649 [inline]\n sock_close+0xb8/0x230 net/socket.c:1439\n __fput+0x3d1/0x9e0 fs/file_table.c:468\n task_work_run+0x206/0x2a0 kernel/task_work.c:227\n get_signal+0x1201/0x1410 kernel/signal.c:2807\n arch_do_signal_or_restart+0x34/0x740 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop+0x68/0xc0 kernel/entry/common.c:40\n exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]\n s\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40309",
"url": "https://www.suse.com/security/cve/CVE-2025-40309"
},
{
"category": "external",
"summary": "SUSE Bug 1255065 for CVE-2025-40309",
"url": "https://bugzilla.suse.com/1255065"
},
{
"category": "external",
"summary": "SUSE Bug 1255066 for CVE-2025-40309",
"url": "https://bugzilla.suse.com/1255066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "important"
}
],
"title": "CVE-2025-40309"
},
{
"cve": "CVE-2025-40310",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40310"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\namd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw\n\nThere is race in amdgpu_amdkfd_device_fini_sw and interrupt.\nif amdgpu_amdkfd_device_fini_sw run in b/w kfd_cleanup_nodes and\n kfree(kfd), and KGD interrupt generated.\n\nkernel panic log:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000098\namdgpu 0000:c8:00.0: amdgpu: Requesting 4 partitions through PSP\n\nPGD d78c68067 P4D d78c68067\n\nkfd kfd: amdgpu: Allocated 3969056 bytes on gart\n\nPUD 1465b8067 PMD @\n\nOops: @002 [#1] SMP NOPTI\n\nkfd kfd: amdgpu: Total number of KFD nodes to be created: 4\nCPU: 115 PID: @ Comm: swapper/115 Kdump: loaded Tainted: G S W OE K\n\nRIP: 0010:_raw_spin_lock_irqsave+0x12/0x40\n\nCode: 89 e@ 41 5c c3 cc cc cc cc 66 66 2e Of 1f 84 00 00 00 00 00 OF 1f 40 00 Of 1f 44% 00 00 41 54 9c 41 5c fa 31 cO ba 01 00 00 00 \u003cfO\u003e OF b1 17 75 Ba 4c 89 e@ 41 Sc\n\n89 c6 e8 07 38 5d\n\nRSP: 0018: ffffc90@1a6b0e28 EFLAGS: 00010046\n\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000018\n0000000000000001 RSI: ffff8883bb623e00 RDI: 0000000000000098\nffff8883bb000000 RO8: ffff888100055020 ROO: ffff888100055020\n0000000000000000 R11: 0000000000000000 R12: 0900000000000002\nffff888F2b97da0@ R14: @000000000000098 R15: ffff8883babdfo00\n\nCS: 010 DS: 0000 ES: 0000 CRO: 0000000080050033\n\nCR2: 0000000000000098 CR3: 0000000e7cae2006 CR4: 0000000002770ce0\n0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n0000000000000000 DR6: 00000000fffeO7FO DR7: 0000000000000400\n\nPKRU: 55555554\n\nCall Trace:\n\n\u003cIRQ\u003e\n\nkgd2kfd_interrupt+@x6b/0x1f@ [amdgpu]\n\n? amdgpu_fence_process+0xa4/0x150 [amdgpu]\n\nkfd kfd: amdgpu: Node: 0, interrupt_bitmap: 3 YcpxFl Rant tErace\n\namdgpu_irq_dispatch+0x165/0x210 [amdgpu]\n\namdgpu_ih_process+0x80/0x100 [amdgpu]\n\namdgpu: Virtual CRAT table created for GPU\n\namdgpu_irq_handler+0x1f/@x60 [amdgpu]\n\n__handle_irq_event_percpu+0x3d/0x170\n\namdgpu: Topology: Add dGPU node [0x74a2:0x1002]\n\nhandle_irq_event+0x5a/@xcO\n\nhandle_edge_irq+0x93/0x240\n\nkfd kfd: amdgpu: KFD node 1 partition @ size 49148M\n\nasm_call_irq_on_stack+0xf/@x20\n\n\u003c/IRQ\u003e\n\ncommon_interrupt+0xb3/0x130\n\nasm_common_interrupt+0x1le/0x40\n\n5.10.134-010.a1i5000.a18.x86_64 #1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40310",
"url": "https://www.suse.com/security/cve/CVE-2025-40310"
},
{
"category": "external",
"summary": "SUSE Bug 1255041 for CVE-2025-40310",
"url": "https://bugzilla.suse.com/1255041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40310"
},
{
"cve": "CVE-2025-40311",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40311"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/habanalabs: support mapping cb with vmalloc-backed coherent memory\n\nWhen IOMMU is enabled, dma_alloc_coherent() with GFP_USER may return\naddresses from the vmalloc range. If such an address is mapped without\nVM_MIXEDMAP, vm_insert_page() will trigger a BUG_ON due to the\nVM_PFNMAP restriction.\n\nFix this by checking for vmalloc addresses and setting VM_MIXEDMAP\nin the VMA before mapping. This ensures safe mapping and avoids kernel\ncrashes. The memory is still driver-allocated and cannot be accessed\ndirectly by userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40311",
"url": "https://www.suse.com/security/cve/CVE-2025-40311"
},
{
"category": "external",
"summary": "SUSE Bug 1255068 for CVE-2025-40311",
"url": "https://bugzilla.suse.com/1255068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "low"
}
],
"title": "CVE-2025-40311"
},
{
"cve": "CVE-2025-40312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40312"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Verify inode mode when loading from disk\n\nThe inode mode loaded from corrupted disk can be invalid. Do like what\ncommit 0a9e74051313 (\"isofs: Verify inode mode when loading from disk\")\ndoes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40312",
"url": "https://www.suse.com/security/cve/CVE-2025-40312"
},
{
"category": "external",
"summary": "SUSE Bug 1255046 for CVE-2025-40312",
"url": "https://bugzilla.suse.com/1255046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40312"
},
{
"cve": "CVE-2025-40314",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40314"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget\n\nIn the __cdnsp_gadget_init() and cdnsp_gadget_exit() functions, the gadget\nstructure (pdev-\u003egadget) was freed before its endpoints.\nThe endpoints are linked via the ep_list in the gadget structure.\nFreeing the gadget first leaves dangling pointers in the endpoint list.\nWhen the endpoints are subsequently freed, this results in a use-after-free.\n\nFix:\nBy separating the usb_del_gadget_udc() operation into distinct \"del\" and\n\"put\" steps, cdnsp_gadget_free_endpoints() can be executed prior to the\nfinal release of the gadget structure with usb_put_gadget().\n\nA patch similar to bb9c74a5bd14(\"usb: dwc3: gadget: Free gadget structure\n only after freeing endpoints\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40314",
"url": "https://www.suse.com/security/cve/CVE-2025-40314"
},
{
"category": "external",
"summary": "SUSE Bug 1255072 for CVE-2025-40314",
"url": "https://bugzilla.suse.com/1255072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40314"
},
{
"cve": "CVE-2025-40315",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40315"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_fs: Fix epfile null pointer access after ep enable.\n\nA race condition occurs when ffs_func_eps_enable() runs concurrently\nwith ffs_data_reset(). The ffs_data_clear() called in ffs_data_reset()\nsets ffs-\u003eepfiles to NULL before resetting ffs-\u003eeps_count to 0, leading\nto a NULL pointer dereference when accessing epfile-\u003eep in\nffs_func_eps_enable() after successful usb_ep_enable().\n\nThe ffs-\u003eepfiles pointer is set to NULL in both ffs_data_clear() and\nffs_data_close() functions, and its modification is protected by the\nspinlock ffs-\u003eeps_lock. And the whole ffs_func_eps_enable() function\nis also protected by ffs-\u003eeps_lock.\n\nThus, add NULL pointer handling for ffs-\u003eepfiles in the\nffs_func_eps_enable() function to fix issues",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40315",
"url": "https://www.suse.com/security/cve/CVE-2025-40315"
},
{
"category": "external",
"summary": "SUSE Bug 1255083 for CVE-2025-40315",
"url": "https://bugzilla.suse.com/1255083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40315"
},
{
"cve": "CVE-2025-40316",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40316"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Fix device use-after-free on unbind\n\nA recent change fixed device reference leaks when looking up drm\nplatform device driver data during bind() but failed to remove a partial\nfix which had been added by commit 80805b62ea5b (\"drm/mediatek: Fix\nkobject put for component sub-drivers\").\n\nThis results in a reference imbalance on component bind() failures and\non unbind() which could lead to a user-after-free.\n\nMake sure to only drop the references after retrieving the driver data\nby effectively reverting the previous partial fix.\n\nNote that holding a reference to a device does not prevent its driver\ndata from going away so there is no point in keeping the reference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40316",
"url": "https://www.suse.com/security/cve/CVE-2025-40316"
},
{
"category": "external",
"summary": "SUSE Bug 1254797 for CVE-2025-40316",
"url": "https://bugzilla.suse.com/1254797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40316"
},
{
"cve": "CVE-2025-40317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40317"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: slimbus: fix bus_context pointer in regmap init calls\n\nCommit 4e65bda8273c (\"ASoC: wcd934x: fix error handling in\nwcd934x_codec_parse_data()\") revealed the problem in the slimbus regmap.\nThat commit breaks audio playback, for instance, on sdm845 Thundercomm\nDragonboard 845c board:\n\n Unable to handle kernel paging request at virtual address ffff8000847cbad4\n ...\n CPU: 5 UID: 0 PID: 776 Comm: aplay Not tainted 6.18.0-rc1-00028-g7ea30958b305 #11 PREEMPT\n Hardware name: Thundercomm Dragonboard 845c (DT)\n ...\n Call trace:\n slim_xfer_msg+0x24/0x1ac [slimbus] (P)\n slim_read+0x48/0x74 [slimbus]\n regmap_slimbus_read+0x18/0x24 [regmap_slimbus]\n _regmap_raw_read+0xe8/0x174\n _regmap_bus_read+0x44/0x80\n _regmap_read+0x60/0xd8\n _regmap_update_bits+0xf4/0x140\n _regmap_select_page+0xa8/0x124\n _regmap_raw_write_impl+0x3b8/0x65c\n _regmap_bus_raw_write+0x60/0x80\n _regmap_write+0x58/0xc0\n regmap_write+0x4c/0x80\n wcd934x_hw_params+0x494/0x8b8 [snd_soc_wcd934x]\n snd_soc_dai_hw_params+0x3c/0x7c [snd_soc_core]\n __soc_pcm_hw_params+0x22c/0x634 [snd_soc_core]\n dpcm_be_dai_hw_params+0x1d4/0x38c [snd_soc_core]\n dpcm_fe_dai_hw_params+0x9c/0x17c [snd_soc_core]\n snd_pcm_hw_params+0x124/0x464 [snd_pcm]\n snd_pcm_common_ioctl+0x110c/0x1820 [snd_pcm]\n snd_pcm_ioctl+0x34/0x4c [snd_pcm]\n __arm64_sys_ioctl+0xac/0x104\n invoke_syscall+0x48/0x104\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xec\n el0t_64_sync_handler+0xa0/0xf0\n el0t_64_sync+0x198/0x19c\n\nThe __devm_regmap_init_slimbus() started to be used instead of\n__regmap_init_slimbus() after the commit mentioned above and turns out\nthe incorrect bus_context pointer (3rd argument) was used in\n__devm_regmap_init_slimbus(). It should be just \"slimbus\" (which is equal\nto \u0026slimbus-\u003edev). Correct it. The wcd934x codec seems to be the only or\nthe first user of devm_regmap_init_slimbus() but we should fix it till\nthe point where __devm_regmap_init_slimbus() was introduced therefore\ntwo \"Fixes\" tags.\n\nWhile at this, also correct the same argument in __regmap_init_slimbus().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40317",
"url": "https://www.suse.com/security/cve/CVE-2025-40317"
},
{
"category": "external",
"summary": "SUSE Bug 1254796 for CVE-2025-40317",
"url": "https://bugzilla.suse.com/1254796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40317"
},
{
"cve": "CVE-2025-40318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40318"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once\n\nhci_cmd_sync_dequeue_once() does lookup and then cancel\nthe entry under two separate lock sections. Meanwhile,\nhci_cmd_sync_work() can also delete the same entry,\nleading to double list_del() and \"UAF\".\n\nFix this by holding cmd_sync_work_lock across both\nlookup and cancel, so that the entry cannot be removed\nconcurrently.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40318",
"url": "https://www.suse.com/security/cve/CVE-2025-40318"
},
{
"category": "external",
"summary": "SUSE Bug 1254798 for CVE-2025-40318",
"url": "https://bugzilla.suse.com/1254798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40318"
},
{
"cve": "CVE-2025-40319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40319"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Sync pending IRQ work before freeing ring buffer\n\nFix a race where irq_work can be queued in bpf_ringbuf_commit()\nbut the ring buffer is freed before the work executes.\nIn the syzbot reproducer, a BPF program attached to sched_switch\ntriggers bpf_ringbuf_commit(), queuing an irq_work. If the ring buffer\nis freed before this work executes, the irq_work thread may accesses\nfreed memory.\nCalling `irq_work_sync(\u0026rb-\u003ework)` ensures that all pending irq_work\ncomplete before freeing the buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40319",
"url": "https://www.suse.com/security/cve/CVE-2025-40319"
},
{
"category": "external",
"summary": "SUSE Bug 1254794 for CVE-2025-40319",
"url": "https://bugzilla.suse.com/1254794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40319"
},
{
"cve": "CVE-2025-40320",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40320"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential cfid UAF in smb2_query_info_compound\n\nWhen smb2_query_info_compound() retries, a previously allocated cfid may\nhave been freed in the first attempt.\nBecause cfid wasn\u0027t reset on replay, later cleanup could act on a stale\npointer, leading to a potential use-after-free.\n\nReinitialize cfid to NULL under the replay label.\n\nExample trace (trimmed):\n\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 1 PID: 11224 at ../lib/refcount.c:28 refcount_warn_saturate+0x9c/0x110\n[...]\nRIP: 0010:refcount_warn_saturate+0x9c/0x110\n[...]\nCall Trace:\n \u003cTASK\u003e\n smb2_query_info_compound+0x29c/0x5c0 [cifs f90b72658819bd21c94769b6a652029a07a7172f]\n ? step_into+0x10d/0x690\n ? __legitimize_path+0x28/0x60\n smb2_queryfs+0x6a/0xf0 [cifs f90b72658819bd21c94769b6a652029a07a7172f]\n smb311_queryfs+0x12d/0x140 [cifs f90b72658819bd21c94769b6a652029a07a7172f]\n ? kmem_cache_alloc+0x18a/0x340\n ? getname_flags+0x46/0x1e0\n cifs_statfs+0x9f/0x2b0 [cifs f90b72658819bd21c94769b6a652029a07a7172f]\n statfs_by_dentry+0x67/0x90\n vfs_statfs+0x16/0xd0\n user_statfs+0x54/0xa0\n __do_sys_statfs+0x20/0x50\n do_syscall_64+0x58/0x80",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40320",
"url": "https://www.suse.com/security/cve/CVE-2025-40320"
},
{
"category": "external",
"summary": "SUSE Bug 1254793 for CVE-2025-40320",
"url": "https://bugzilla.suse.com/1254793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40320"
},
{
"cve": "CVE-2025-40321",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40321"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode\n\nCurrently, whenever there is a need to transmit an Action frame,\nthe brcmfmac driver always uses the P2P vif to send the \"actframe\" IOVAR to\nfirmware. The P2P interfaces were available when wpa_supplicant is managing\nthe wlan interface.\n\nHowever, the P2P interfaces are not created/initialized when only hostapd\nis managing the wlan interface. And if hostapd receives an ANQP Query REQ\nAction frame even from an un-associated STA, the brcmfmac driver tries\nto use an uninitialized P2P vif pointer for sending the IOVAR to firmware.\nThis NULL pointer dereferencing triggers a driver crash.\n\n [ 1417.074538] Unable to handle kernel NULL pointer dereference at virtual\n address 0000000000000000\n [...]\n [ 1417.075188] Hardware name: Raspberry Pi 4 Model B Rev 1.5 (DT)\n [...]\n [ 1417.075653] Call trace:\n [ 1417.075662] brcmf_p2p_send_action_frame+0x23c/0xc58 [brcmfmac]\n [ 1417.075738] brcmf_cfg80211_mgmt_tx+0x304/0x5c0 [brcmfmac]\n [ 1417.075810] cfg80211_mlme_mgmt_tx+0x1b0/0x428 [cfg80211]\n [ 1417.076067] nl80211_tx_mgmt+0x238/0x388 [cfg80211]\n [ 1417.076281] genl_family_rcv_msg_doit+0xe0/0x158\n [ 1417.076302] genl_rcv_msg+0x220/0x2a0\n [ 1417.076317] netlink_rcv_skb+0x68/0x140\n [ 1417.076330] genl_rcv+0x40/0x60\n [ 1417.076343] netlink_unicast+0x330/0x3b8\n [ 1417.076357] netlink_sendmsg+0x19c/0x3f8\n [ 1417.076370] __sock_sendmsg+0x64/0xc0\n [ 1417.076391] ____sys_sendmsg+0x268/0x2a0\n [ 1417.076408] ___sys_sendmsg+0xb8/0x118\n [ 1417.076427] __sys_sendmsg+0x90/0xf8\n [ 1417.076445] __arm64_sys_sendmsg+0x2c/0x40\n [ 1417.076465] invoke_syscall+0x50/0x120\n [ 1417.076486] el0_svc_common.constprop.0+0x48/0xf0\n [ 1417.076506] do_el0_svc+0x24/0x38\n [ 1417.076525] el0_svc+0x30/0x100\n [ 1417.076548] el0t_64_sync_handler+0x100/0x130\n [ 1417.076569] el0t_64_sync+0x190/0x198\n [ 1417.076589] Code: f9401e80 aa1603e2 f9403be1 5280e483 (f9400000)\n\nFix this, by always using the vif corresponding to the wdev on which the\nAction frame Transmission request was initiated by the userspace. This way,\neven if P2P vif is not available, the IOVAR is sent to firmware on AP vif\nand the ANQP Query RESP Action frame is transmitted without crashing the\ndriver.\n\nMove init_completion() for \"send_af_done\" from brcmf_p2p_create_p2pdev()\nto brcmf_p2p_attach(). Because the former function would not get executed\nwhen only hostapd is managing wlan interface, and it is not safe to do\nreinit_completion() later in brcmf_p2p_tx_action_frame(), without any prior\ninit_completion().\n\nAnd in the brcmf_p2p_tx_action_frame() function, the condition check for\nP2P Presence response frame is not needed, since the wpa_supplicant is\nproperly sending the P2P Presense Response frame on the P2P-GO vif instead\nof the P2P-Device vif.\n\n[Cc stable]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40321",
"url": "https://www.suse.com/security/cve/CVE-2025-40321"
},
{
"category": "external",
"summary": "SUSE Bug 1254795 for CVE-2025-40321",
"url": "https://bugzilla.suse.com/1254795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40321"
},
{
"cve": "CVE-2025-40322",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40322"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: bitblit: bound-check glyph index in bit_putcs*\n\nbit_putcs_aligned()/unaligned() derived the glyph pointer from the\ncharacter value masked by 0xff/0x1ff, which may exceed the actual font\u0027s\nglyph count and read past the end of the built-in font array.\nClamp the index to the actual glyph count before computing the address.\n\nThis fixes a global out-of-bounds read reported by syzbot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40322",
"url": "https://www.suse.com/security/cve/CVE-2025-40322"
},
{
"category": "external",
"summary": "SUSE Bug 1255092 for CVE-2025-40322",
"url": "https://bugzilla.suse.com/1255092"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40322"
},
{
"cve": "CVE-2025-40323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: Set fb_display[i]-\u003emode to NULL when the mode is released\n\nRecently, we discovered the following issue through syzkaller:\n\nBUG: KASAN: slab-use-after-free in fb_mode_is_equal+0x285/0x2f0\nRead of size 4 at addr ff11000001b3c69c by task syz.xxx\n...\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xab/0xe0\n print_address_description.constprop.0+0x2c/0x390\n print_report+0xb9/0x280\n kasan_report+0xb8/0xf0\n fb_mode_is_equal+0x285/0x2f0\n fbcon_mode_deleted+0x129/0x180\n fb_set_var+0xe7f/0x11d0\n do_fb_ioctl+0x6a0/0x750\n fb_ioctl+0xe0/0x140\n __x64_sys_ioctl+0x193/0x210\n do_syscall_64+0x5f/0x9c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nBased on experimentation and analysis, during framebuffer unregistration,\nonly the memory of fb_info-\u003emodelist is freed, without setting the\ncorresponding fb_display[i]-\u003emode to NULL for the freed modes. This leads\nto UAF issues during subsequent accesses. Here\u0027s an example of reproduction\nsteps:\n1. With /dev/fb0 already registered in the system, load a kernel module\n to register a new device /dev/fb1;\n2. Set fb1\u0027s mode to the global fb_display[] array (via FBIOPUT_CON2FBMAP);\n3. Switch console from fb to VGA (to allow normal rmmod of the ko);\n4. Unload the kernel module, at this point fb1\u0027s modelist is freed, leaving\n a wild pointer in fb_display[];\n5. Trigger the bug via system calls through fb0 attempting to delete a mode\n from fb0.\n\nAdd a check in do_unregister_framebuffer(): if the mode to be freed exists\nin fb_display[], set the corresponding mode pointer to NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40323",
"url": "https://www.suse.com/security/cve/CVE-2025-40323"
},
{
"category": "external",
"summary": "SUSE Bug 1255094 for CVE-2025-40323",
"url": "https://bugzilla.suse.com/1255094"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40323"
},
{
"cve": "CVE-2025-40324",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40324"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix crash in nfsd4_read_release()\n\nWhen tracing is enabled, the trace_nfsd_read_done trace point\ncrashes during the pynfs read.testNoFh test.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40324",
"url": "https://www.suse.com/security/cve/CVE-2025-40324"
},
{
"category": "external",
"summary": "SUSE Bug 1254791 for CVE-2025-40324",
"url": "https://bugzilla.suse.com/1254791"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40324"
},
{
"cve": "CVE-2025-40329",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40329"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb\n\nThe Mesa issue referenced below pointed out a possible deadlock:\n\n[ 1231.611031] Possible interrupt unsafe locking scenario:\n\n[ 1231.611033] CPU0 CPU1\n[ 1231.611034] ---- ----\n[ 1231.611035] lock(\u0026xa-\u003exa_lock#17);\n[ 1231.611038] local_irq_disable();\n[ 1231.611039] lock(\u0026fence-\u003elock);\n[ 1231.611041] lock(\u0026xa-\u003exa_lock#17);\n[ 1231.611044] \u003cInterrupt\u003e\n[ 1231.611045] lock(\u0026fence-\u003elock);\n[ 1231.611047]\n *** DEADLOCK ***\n\nIn this example, CPU0 would be any function accessing job-\u003edependencies\nthrough the xa_* functions that don\u0027t disable interrupts (eg:\ndrm_sched_job_add_dependency(), drm_sched_entity_kill_jobs_cb()).\n\nCPU1 is executing drm_sched_entity_kill_jobs_cb() as a fence signalling\ncallback so in an interrupt context. It will deadlock when trying to\ngrab the xa_lock which is already held by CPU0.\n\nReplacing all xa_* usage by their xa_*_irq counterparts would fix\nthis issue, but Christian pointed out another issue: dma_fence_signal\ntakes fence.lock and so does dma_fence_add_callback.\n\n dma_fence_signal() // locks f1.lock\n -\u003e drm_sched_entity_kill_jobs_cb()\n -\u003e foreach dependencies\n -\u003e dma_fence_add_callback() // locks f2.lock\n\nThis will deadlock if f1 and f2 share the same spinlock.\n\nTo fix both issues, the code iterating on dependencies and re-arming them\nis moved out to drm_sched_entity_kill_jobs_work().\n\n[phasta: commit message nits]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40329",
"url": "https://www.suse.com/security/cve/CVE-2025-40329"
},
{
"category": "external",
"summary": "SUSE Bug 1254621 for CVE-2025-40329",
"url": "https://bugzilla.suse.com/1254621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40329"
},
{
"cve": "CVE-2025-40330",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40330"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Shutdown FW DMA in bnxt_shutdown()\n\nThe netif_close() call in bnxt_shutdown() only stops packet DMA. There\nmay be FW DMA for trace logging (recently added) that will continue. If\nwe kexec to a new kernel, the DMA will corrupt memory in the new kernel.\n\nAdd bnxt_hwrm_func_drv_unrgtr() to unregister the driver from the FW.\nThis will stop the FW DMA. In case the call fails, call pcie_flr() to\nreset the function and stop the DMA.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40330",
"url": "https://www.suse.com/security/cve/CVE-2025-40330"
},
{
"category": "external",
"summary": "SUSE Bug 1254616 for CVE-2025-40330",
"url": "https://bugzilla.suse.com/1254616"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40330"
},
{
"cve": "CVE-2025-40331",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40331"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Prevent TOCTOU out-of-bounds write\n\nFor the following path not holding the sock lock,\n\n sctp_diag_dump() -\u003e sctp_for_each_endpoint() -\u003e sctp_ep_dump()\n\nmake sure not to exceed bounds in case the address list has grown\nbetween buffer allocation (time-of-check) and write (time-of-use).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40331",
"url": "https://www.suse.com/security/cve/CVE-2025-40331"
},
{
"category": "external",
"summary": "SUSE Bug 1254615 for CVE-2025-40331",
"url": "https://bugzilla.suse.com/1254615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40331"
},
{
"cve": "CVE-2025-40332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40332"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix mmap write lock not release\n\nIf mmap write lock is taken while draining retry fault, mmap write lock\nis not released because svm_range_restore_pages calls mmap_read_unlock\nthen returns. This causes deadlock and system hangs later because mmap\nread or write lock cannot be taken.\n\nDowngrade mmap write lock to read lock if draining retry fault fix this\nbug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40332",
"url": "https://www.suse.com/security/cve/CVE-2025-40332"
},
{
"category": "external",
"summary": "SUSE Bug 1255116 for CVE-2025-40332",
"url": "https://bugzilla.suse.com/1255116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40332"
},
{
"cve": "CVE-2025-40337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40337"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: Correctly handle Rx checksum offload errors\n\nThe stmmac_rx function would previously set skb-\u003eip_summed to\nCHECKSUM_UNNECESSARY if hardware checksum offload (CoE) was enabled\nand the packet was of a known IP ethertype.\n\nHowever, this logic failed to check if the hardware had actually\nreported a checksum error. The hardware status, indicating a header or\npayload checksum failure, was being ignored at this stage. This could\ncause corrupt packets to be passed up the network stack as valid.\n\nThis patch corrects the logic by checking the `csum_none` status flag,\nwhich is set when the hardware reports a checksum error. If this flag\nis set, skb-\u003eip_summed is now correctly set to CHECKSUM_NONE,\nensuring the kernel\u0027s network stack will perform its own validation and\nproperly handle the corrupt packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40337",
"url": "https://www.suse.com/security/cve/CVE-2025-40337"
},
{
"category": "external",
"summary": "SUSE Bug 1255081 for CVE-2025-40337",
"url": "https://bugzilla.suse.com/1255081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40337"
},
{
"cve": "CVE-2025-40338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40338"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: avs: Do not share the name pointer between components\n\nBy sharing \u0027name\u0027 directly, tearing down components may lead to\nuse-after-free errors. Duplicate the name to avoid that.\n\nAt the same time, update the order of operations - since commit\ncee28113db17 (\"ASoC: dmaengine_pcm: Allow passing component name via\nconfig\") the framework does not override component-\u003ename if set before\ninvoking the initializer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40338",
"url": "https://www.suse.com/security/cve/CVE-2025-40338"
},
{
"category": "external",
"summary": "SUSE Bug 1255273 for CVE-2025-40338",
"url": "https://bugzilla.suse.com/1255273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40338"
},
{
"cve": "CVE-2025-40339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40339"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix nullptr err of vm_handle_moved\n\nIf a amdgpu_bo_va is fpriv-\u003eprt_va, the bo of this one is always NULL.\nSo, such kind of amdgpu_bo_va should be updated separately before\namdgpu_vm_handle_moved.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40339",
"url": "https://www.suse.com/security/cve/CVE-2025-40339"
},
{
"category": "external",
"summary": "SUSE Bug 1255428 for CVE-2025-40339",
"url": "https://bugzilla.suse.com/1255428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40339"
},
{
"cve": "CVE-2025-40340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40340"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix oops in xe_gem_fault when running core_hotunplug test.\n\nI saw an oops in xe_gem_fault when running the xe-fast-feedback\ntestlist against the realtime kernel without debug options enabled.\n\nThe panic happens after core_hotunplug unbind-rebind finishes.\nPresumably what happens is that a process mmaps, unlocks because\nof the FAULT_FLAG_RETRY_NOWAIT logic, has no process memory left,\ncausing ttm_bo_vm_dummy_page() to return VM_FAULT_NOPAGE, since\nthere was nothing left to populate, and then oopses in\n\"mem_type_is_vram(tbo-\u003eresource-\u003emem_type)\" because tbo-\u003eresource\nis NULL.\n\nIt\u0027s convoluted, but fits the data and explains the oops after\nthe test exits.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40340",
"url": "https://www.suse.com/security/cve/CVE-2025-40340"
},
{
"category": "external",
"summary": "SUSE Bug 1254996 for CVE-2025-40340",
"url": "https://bugzilla.suse.com/1254996"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40340"
},
{
"cve": "CVE-2025-40342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40342"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fc: use lock accessing port_state and rport state\n\nnvme_fc_unregister_remote removes the remote port on a lport object at\nany point in time when there is no active association. This races with\nwith the reconnect logic, because nvme_fc_create_association is not\ntaking a lock to check the port_state and atomically increase the\nactive count on the rport.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40342",
"url": "https://www.suse.com/security/cve/CVE-2025-40342"
},
{
"category": "external",
"summary": "SUSE Bug 1255274 for CVE-2025-40342",
"url": "https://bugzilla.suse.com/1255274"
},
{
"category": "external",
"summary": "SUSE Bug 1255275 for CVE-2025-40342",
"url": "https://bugzilla.suse.com/1255275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "important"
}
],
"title": "CVE-2025-40342"
},
{
"cve": "CVE-2025-40343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40343"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-fc: avoid scheduling association deletion twice\n\nWhen forcefully shutting down a port via the configfs interface,\nnvmet_port_subsys_drop_link() first calls nvmet_port_del_ctrls() and\nthen nvmet_disable_port(). Both functions will eventually schedule all\nremaining associations for deletion.\n\nThe current implementation checks whether an association is about to be\nremoved, but only after the work item has already been scheduled. As a\nresult, it is possible for the first scheduled work item to free all\nresources, and then for the same work item to be scheduled again for\ndeletion.\n\nBecause the association list is an RCU list, it is not possible to take\na lock and remove the list entry directly, so it cannot be looked up\nagain. Instead, a flag (terminating) must be used to determine whether\nthe association is already in the process of being deleted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40343",
"url": "https://www.suse.com/security/cve/CVE-2025-40343"
},
{
"category": "external",
"summary": "SUSE Bug 1255276 for CVE-2025-40343",
"url": "https://bugzilla.suse.com/1255276"
},
{
"category": "external",
"summary": "SUSE Bug 1255278 for CVE-2025-40343",
"url": "https://bugzilla.suse.com/1255278"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "important"
}
],
"title": "CVE-2025-40343"
},
{
"cve": "CVE-2025-40345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40345"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: storage: sddr55: Reject out-of-bound new_pba\n\nDiscovered by Atuin - Automated Vulnerability Discovery Engine.\n\nnew_pba comes from the status packet returned after each write.\nA bogus device could report values beyond the block count derived\nfrom info-\u003ecapacity, letting the driver walk off the end of\npba_to_lba[] and corrupt heap memory.\n\nReject PBAs that exceed the computed block count and fail the\ntransfer so we avoid touching out-of-range mapping entries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40345",
"url": "https://www.suse.com/security/cve/CVE-2025-40345"
},
{
"category": "external",
"summary": "SUSE Bug 1255279 for CVE-2025-40345",
"url": "https://bugzilla.suse.com/1255279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40345"
},
{
"cve": "CVE-2025-40346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40346"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narch_topology: Fix incorrect error check in topology_parse_cpu_capacity()\n\nFix incorrect use of PTR_ERR_OR_ZERO() in topology_parse_cpu_capacity()\nwhich causes the code to proceed with NULL clock pointers. The current\nlogic uses !PTR_ERR_OR_ZERO(cpu_clk) which evaluates to true for both\nvalid pointers and NULL, leading to potential NULL pointer dereference\nin clk_get_rate().\n\nPer include/linux/err.h documentation, PTR_ERR_OR_ZERO(ptr) returns:\n\"The error code within @ptr if it is an error pointer; 0 otherwise.\"\n\nThis means PTR_ERR_OR_ZERO() returns 0 for both valid pointers AND NULL\npointers. Therefore !PTR_ERR_OR_ZERO(cpu_clk) evaluates to true (proceed)\nwhen cpu_clk is either valid or NULL, causing clk_get_rate(NULL) to be\ncalled when of_clk_get() returns NULL.\n\nReplace with !IS_ERR_OR_NULL(cpu_clk) which only proceeds for valid\npointers, preventing potential NULL pointer dereference in clk_get_rate().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40346",
"url": "https://www.suse.com/security/cve/CVE-2025-40346"
},
{
"category": "external",
"summary": "SUSE Bug 1255318 for CVE-2025-40346",
"url": "https://bugzilla.suse.com/1255318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40346"
},
{
"cve": "CVE-2025-40347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40347"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: fix the deadlock of enetc_mdio_lock\n\nAfter applying the workaround for err050089, the LS1028A platform\nexperiences RCU stalls on RT kernel. This issue is caused by the\nrecursive acquisition of the read lock enetc_mdio_lock. Here list some\nof the call stacks identified under the enetc_poll path that may lead to\na deadlock:\n\nenetc_poll\n -\u003e enetc_lock_mdio\n -\u003e enetc_clean_rx_ring OR napi_complete_done\n -\u003e napi_gro_receive\n -\u003e enetc_start_xmit\n -\u003e enetc_lock_mdio\n -\u003e enetc_map_tx_buffs\n -\u003e enetc_unlock_mdio\n -\u003e enetc_unlock_mdio\n\nAfter enetc_poll acquires the read lock, a higher-priority writer attempts\nto acquire the lock, causing preemption. The writer detects that a\nread lock is already held and is scheduled out. However, readers under\nenetc_poll cannot acquire the read lock again because a writer is already\nwaiting, leading to a thread hang.\n\nCurrently, the deadlock is avoided by adjusting enetc_lock_mdio to prevent\nrecursive lock acquisition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40347",
"url": "https://www.suse.com/security/cve/CVE-2025-40347"
},
{
"category": "external",
"summary": "SUSE Bug 1255262 for CVE-2025-40347",
"url": "https://bugzilla.suse.com/1255262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40347"
},
{
"cve": "CVE-2025-40349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40349"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: validate record offset in hfsplus_bmap_alloc\n\nhfsplus_bmap_alloc can trigger a crash if a\nrecord offset or length is larger than node_size\n\n[ 15.264282] BUG: KASAN: slab-out-of-bounds in hfsplus_bmap_alloc+0x887/0x8b0\n[ 15.265192] Read of size 8 at addr ffff8881085ca188 by task test/183\n[ 15.265949]\n[ 15.266163] CPU: 0 UID: 0 PID: 183 Comm: test Not tainted 6.17.0-rc2-gc17b750b3ad9 #14 PREEMPT(voluntary)\n[ 15.266165] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 15.266167] Call Trace:\n[ 15.266168] \u003cTASK\u003e\n[ 15.266169] dump_stack_lvl+0x53/0x70\n[ 15.266173] print_report+0xd0/0x660\n[ 15.266181] kasan_report+0xce/0x100\n[ 15.266185] hfsplus_bmap_alloc+0x887/0x8b0\n[ 15.266208] hfs_btree_inc_height.isra.0+0xd5/0x7c0\n[ 15.266217] hfsplus_brec_insert+0x870/0xb00\n[ 15.266222] __hfsplus_ext_write_extent+0x428/0x570\n[ 15.266225] __hfsplus_ext_cache_extent+0x5e/0x910\n[ 15.266227] hfsplus_ext_read_extent+0x1b2/0x200\n[ 15.266233] hfsplus_file_extend+0x5a7/0x1000\n[ 15.266237] hfsplus_get_block+0x12b/0x8c0\n[ 15.266238] __block_write_begin_int+0x36b/0x12c0\n[ 15.266251] block_write_begin+0x77/0x110\n[ 15.266252] cont_write_begin+0x428/0x720\n[ 15.266259] hfsplus_write_begin+0x51/0x100\n[ 15.266262] cont_write_begin+0x272/0x720\n[ 15.266270] hfsplus_write_begin+0x51/0x100\n[ 15.266274] generic_perform_write+0x321/0x750\n[ 15.266285] generic_file_write_iter+0xc3/0x310\n[ 15.266289] __kernel_write_iter+0x2fd/0x800\n[ 15.266296] dump_user_range+0x2ea/0x910\n[ 15.266301] elf_core_dump+0x2a94/0x2ed0\n[ 15.266320] vfs_coredump+0x1d85/0x45e0\n[ 15.266349] get_signal+0x12e3/0x1990\n[ 15.266357] arch_do_signal_or_restart+0x89/0x580\n[ 15.266362] irqentry_exit_to_user_mode+0xab/0x110\n[ 15.266364] asm_exc_page_fault+0x26/0x30\n[ 15.266366] RIP: 0033:0x41bd35\n[ 15.266367] Code: bc d1 f3 0f 7f 27 f3 0f 7f 6f 10 f3 0f 7f 77 20 f3 0f 7f 7f 30 49 83 c0 0f 49 29 d0 48 8d 7c 17 31 e9 9f 0b 00 00 66 0f ef c0 \u003cf3\u003e 0f 6f 0e f3 0f 6f 56 10 66 0f 74 c1 66 0f d7 d0 49 83 f8f\n[ 15.266369] RSP: 002b:00007ffc9e62d078 EFLAGS: 00010283\n[ 15.266371] RAX: 00007ffc9e62d100 RBX: 0000000000000000 RCX: 0000000000000000\n[ 15.266372] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007ffc9e62d100\n[ 15.266373] RBP: 0000400000000040 R08: 00000000000000e0 R09: 0000000000000000\n[ 15.266374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n[ 15.266375] R13: 0000000000000000 R14: 0000000000000000 R15: 0000400000000000\n[ 15.266376] \u003c/TASK\u003e\n\nWhen calling hfsplus_bmap_alloc to allocate a free node, this function\nfirst retrieves the bitmap from header node and map node using node-\u003epage\ntogether with the offset and length from hfs_brec_lenoff\n\n```\nlen = hfs_brec_lenoff(node, 2, \u0026off16);\noff = off16;\n\noff += node-\u003epage_offset;\npagep = node-\u003epage + (off \u003e\u003e PAGE_SHIFT);\ndata = kmap_local_page(*pagep);\n```\n\nHowever, if the retrieved offset or length is invalid(i.e. exceeds\nnode_size), the code may end up accessing pages outside the allocated\nrange for this node.\n\nThis patch adds proper validation of both offset and length before use,\npreventing out-of-bounds page access. Move is_bnode_offset_valid and\ncheck_and_correct_requested_length to hfsplus_fs.h, as they may be\nrequired by other functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40349",
"url": "https://www.suse.com/security/cve/CVE-2025-40349"
},
{
"category": "external",
"summary": "SUSE Bug 1255280 for CVE-2025-40349",
"url": "https://bugzilla.suse.com/1255280"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40349"
},
{
"cve": "CVE-2025-40351",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40351"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()\n\nThe syzbot reported issue in hfsplus_delete_cat():\n\n[ 70.682285][ T9333] =====================================================\n[ 70.682943][ T9333] BUG: KMSAN: uninit-value in hfsplus_subfolders_dec+0x1d7/0x220\n[ 70.683640][ T9333] hfsplus_subfolders_dec+0x1d7/0x220\n[ 70.684141][ T9333] hfsplus_delete_cat+0x105d/0x12b0\n[ 70.684621][ T9333] hfsplus_rmdir+0x13d/0x310\n[ 70.685048][ T9333] vfs_rmdir+0x5ba/0x810\n[ 70.685447][ T9333] do_rmdir+0x964/0xea0\n[ 70.685833][ T9333] __x64_sys_rmdir+0x71/0xb0\n[ 70.686260][ T9333] x64_sys_call+0xcd8/0x3cf0\n[ 70.686695][ T9333] do_syscall_64+0xd9/0x1d0\n[ 70.687119][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 70.687646][ T9333]\n[ 70.687856][ T9333] Uninit was stored to memory at:\n[ 70.688311][ T9333] hfsplus_subfolders_inc+0x1c2/0x1d0\n[ 70.688779][ T9333] hfsplus_create_cat+0x148e/0x1800\n[ 70.689231][ T9333] hfsplus_mknod+0x27f/0x600\n[ 70.689730][ T9333] hfsplus_mkdir+0x5a/0x70\n[ 70.690146][ T9333] vfs_mkdir+0x483/0x7a0\n[ 70.690545][ T9333] do_mkdirat+0x3f2/0xd30\n[ 70.690944][ T9333] __x64_sys_mkdir+0x9a/0xf0\n[ 70.691380][ T9333] x64_sys_call+0x2f89/0x3cf0\n[ 70.691816][ T9333] do_syscall_64+0xd9/0x1d0\n[ 70.692229][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 70.692773][ T9333]\n[ 70.692990][ T9333] Uninit was stored to memory at:\n[ 70.693469][ T9333] hfsplus_subfolders_inc+0x1c2/0x1d0\n[ 70.693960][ T9333] hfsplus_create_cat+0x148e/0x1800\n[ 70.694438][ T9333] hfsplus_fill_super+0x21c1/0x2700\n[ 70.694911][ T9333] mount_bdev+0x37b/0x530\n[ 70.695320][ T9333] hfsplus_mount+0x4d/0x60\n[ 70.695729][ T9333] legacy_get_tree+0x113/0x2c0\n[ 70.696167][ T9333] vfs_get_tree+0xb3/0x5c0\n[ 70.696588][ T9333] do_new_mount+0x73e/0x1630\n[ 70.697013][ T9333] path_mount+0x6e3/0x1eb0\n[ 70.697425][ T9333] __se_sys_mount+0x733/0x830\n[ 70.697857][ T9333] __x64_sys_mount+0xe4/0x150\n[ 70.698269][ T9333] x64_sys_call+0x2691/0x3cf0\n[ 70.698704][ T9333] do_syscall_64+0xd9/0x1d0\n[ 70.699117][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 70.699730][ T9333]\n[ 70.699946][ T9333] Uninit was created at:\n[ 70.700378][ T9333] __alloc_pages_noprof+0x714/0xe60\n[ 70.700843][ T9333] alloc_pages_mpol_noprof+0x2a2/0x9b0\n[ 70.701331][ T9333] alloc_pages_noprof+0xf8/0x1f0\n[ 70.701774][ T9333] allocate_slab+0x30e/0x1390\n[ 70.702194][ T9333] ___slab_alloc+0x1049/0x33a0\n[ 70.702635][ T9333] kmem_cache_alloc_lru_noprof+0x5ce/0xb20\n[ 70.703153][ T9333] hfsplus_alloc_inode+0x5a/0xd0\n[ 70.703598][ T9333] alloc_inode+0x82/0x490\n[ 70.703984][ T9333] iget_locked+0x22e/0x1320\n[ 70.704428][ T9333] hfsplus_iget+0x5c/0xba0\n[ 70.704827][ T9333] hfsplus_btree_open+0x135/0x1dd0\n[ 70.705291][ T9333] hfsplus_fill_super+0x1132/0x2700\n[ 70.705776][ T9333] mount_bdev+0x37b/0x530\n[ 70.706171][ T9333] hfsplus_mount+0x4d/0x60\n[ 70.706579][ T9333] legacy_get_tree+0x113/0x2c0\n[ 70.707019][ T9333] vfs_get_tree+0xb3/0x5c0\n[ 70.707444][ T9333] do_new_mount+0x73e/0x1630\n[ 70.707865][ T9333] path_mount+0x6e3/0x1eb0\n[ 70.708270][ T9333] __se_sys_mount+0x733/0x830\n[ 70.708711][ T9333] __x64_sys_mount+0xe4/0x150\n[ 70.709158][ T9333] x64_sys_call+0x2691/0x3cf0\n[ 70.709630][ T9333] do_syscall_64+0xd9/0x1d0\n[ 70.710053][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 70.710611][ T9333]\n[ 70.710842][ T9333] CPU: 3 UID: 0 PID: 9333 Comm: repro Not tainted 6.12.0-rc6-dirty #17\n[ 70.711568][ T9333] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 70.712490][ T9333] =====================================================\n[ 70.713085][ T9333] Disabling lock debugging due to kernel taint\n[ 70.713618][ T9333] Kernel panic - not syncing: kmsan.panic set ...\n[ 70.714159][ T9333] \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40351",
"url": "https://www.suse.com/security/cve/CVE-2025-40351"
},
{
"category": "external",
"summary": "SUSE Bug 1255281 for CVE-2025-40351",
"url": "https://bugzilla.suse.com/1255281"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40351"
},
{
"cve": "CVE-2025-40354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40354"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: increase max link count and fix link-\u003eenc NULL pointer access\n\n[why]\n1.) dc-\u003elinks[MAX_LINKS] array size smaller than actual requested.\nmax_connector + max_dpia + 4 virtual = 14.\nincrease from 12 to 14.\n\n2.) hw_init() access null LINK_ENC for dpia non display_endpoint.\n\n(cherry picked from commit d7f5a61e1b04ed87b008c8d327649d184dc5bb45)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40354",
"url": "https://www.suse.com/security/cve/CVE-2025-40354"
},
{
"category": "external",
"summary": "SUSE Bug 1255316 for CVE-2025-40354",
"url": "https://bugzilla.suse.com/1255316"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40354"
},
{
"cve": "CVE-2025-40357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40357"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix general protection fault in __smc_diag_dump\n\nThe syzbot report a crash:\n\n Oops: general protection fault, probably for non-canonical address 0xfbd5a5d5a0000003: 0000 [#1] SMP KASAN NOPTI\n KASAN: maybe wild-memory-access in range [0xdead4ead00000018-0xdead4ead0000001f]\n CPU: 1 UID: 0 PID: 6949 Comm: syz.0.335 Not tainted syzkaller #0 PREEMPT(full)\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\n RIP: 0010:smc_diag_msg_common_fill net/smc/smc_diag.c:44 [inline]\n RIP: 0010:__smc_diag_dump.constprop.0+0x3ca/0x2550 net/smc/smc_diag.c:89\n Call Trace:\n \u003cTASK\u003e\n smc_diag_dump_proto+0x26d/0x420 net/smc/smc_diag.c:217\n smc_diag_dump+0x27/0x90 net/smc/smc_diag.c:234\n netlink_dump+0x539/0xd30 net/netlink/af_netlink.c:2327\n __netlink_dump_start+0x6d6/0x990 net/netlink/af_netlink.c:2442\n netlink_dump_start include/linux/netlink.h:341 [inline]\n smc_diag_handler_dump+0x1f9/0x240 net/smc/smc_diag.c:251\n __sock_diag_cmd net/core/sock_diag.c:249 [inline]\n sock_diag_rcv_msg+0x438/0x790 net/core/sock_diag.c:285\n netlink_rcv_skb+0x158/0x420 net/netlink/af_netlink.c:2552\n netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]\n netlink_unicast+0x5a7/0x870 net/netlink/af_netlink.c:1346\n netlink_sendmsg+0x8d1/0xdd0 net/netlink/af_netlink.c:1896\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg net/socket.c:729 [inline]\n ____sys_sendmsg+0xa95/0xc70 net/socket.c:2614\n ___sys_sendmsg+0x134/0x1d0 net/socket.c:2668\n __sys_sendmsg+0x16d/0x220 net/socket.c:2700\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4e0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nThe process like this:\n\n (CPU1) | (CPU2)\n ---------------------------------|-------------------------------\n inet_create() |\n // init clcsock to NULL |\n sk = sk_alloc() |\n |\n // unexpectedly change clcsock |\n inet_init_csk_locks() |\n |\n // add sk to hash table |\n smc_inet_init_sock() |\n smc_sk_init() |\n smc_hash_sk() |\n | // traverse the hash table\n | smc_diag_dump_proto\n | __smc_diag_dump()\n | // visit wrong clcsock\n | smc_diag_msg_common_fill()\n // alloc clcsock |\n smc_create_clcsk |\n sock_create_kern |\n\nWith CONFIG_DEBUG_LOCK_ALLOC=y, the smc-\u003eclcsock is unexpectedly changed\nin inet_init_csk_locks(). The INET_PROTOSW_ICSK flag is no need by smc,\njust remove it.\n\nAfter removing the INET_PROTOSW_ICSK flag, this patch alse revert\ncommit 6fd27ea183c2 (\"net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC\")\nto avoid casting smc_sock to inet_connection_sock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40357",
"url": "https://www.suse.com/security/cve/CVE-2025-40357"
},
{
"category": "external",
"summary": "SUSE Bug 1255097 for CVE-2025-40357",
"url": "https://bugzilla.suse.com/1255097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40357"
},
{
"cve": "CVE-2025-40359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40359"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Fix KASAN global-out-of-bounds warning\n\nWhen running \"perf mem record\" command on CWF, the below KASAN\nglobal-out-of-bounds warning is seen.\n\n ==================================================================\n BUG: KASAN: global-out-of-bounds in cmt_latency_data+0x176/0x1b0\n Read of size 4 at addr ffffffffb721d000 by task dtlb/9850\n\n Call Trace:\n\n kasan_report+0xb8/0xf0\n cmt_latency_data+0x176/0x1b0\n setup_arch_pebs_sample_data+0xf49/0x2560\n intel_pmu_drain_arch_pebs+0x577/0xb00\n handle_pmi_common+0x6c4/0xc80\n\nThe issue is caused by below code in __grt_latency_data(). The code\ntries to access x86_hybrid_pmu structure which doesn\u0027t exist on\nnon-hybrid platform like CWF.\n\n WARN_ON_ONCE(hybrid_pmu(event-\u003epmu)-\u003epmu_type == hybrid_big)\n\nSo add is_hybrid() check before calling this WARN_ON_ONCE to fix the\nglobal-out-of-bounds access issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40359",
"url": "https://www.suse.com/security/cve/CVE-2025-40359"
},
{
"category": "external",
"summary": "SUSE Bug 1255087 for CVE-2025-40359",
"url": "https://bugzilla.suse.com/1255087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "low"
}
],
"title": "CVE-2025-40359"
},
{
"cve": "CVE-2025-40360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40360"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sysfb: Do not dereference NULL pointer in plane reset\n\nThe plane state in __drm_gem_reset_shadow_plane() can be NULL. Do not\nderef that pointer, but forward NULL to the other plane-reset helpers.\nClears plane-\u003estate to NULL.\n\nv2:\n- fix typo in commit description (Javier)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40360",
"url": "https://www.suse.com/security/cve/CVE-2025-40360"
},
{
"category": "external",
"summary": "SUSE Bug 1255095 for CVE-2025-40360",
"url": "https://bugzilla.suse.com/1255095"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40360"
},
{
"cve": "CVE-2025-68168",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68168"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix uninitialized waitqueue in transaction manager\n\nThe transaction manager initialization in txInit() was not properly\ninitializing TxBlock[0].waitor waitqueue, causing a crash when\ntxEnd(0) is called on read-only filesystems.\n\nWhen a filesystem is mounted read-only, txBegin() returns tid=0 to\nindicate no transaction. However, txEnd(0) still gets called and\ntries to access TxBlock[0].waitor via tid_to_tblock(0), but this\nwaitqueue was never initialized because the initialization loop\nstarted at index 1 instead of 0.\n\nThis causes a \u0027non-static key\u0027 lockdep warning and system crash:\n INFO: trying to register non-static key in txEnd\n\nFix by ensuring all transaction blocks including TxBlock[0] have\ntheir waitqueues properly initialized during txInit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68168",
"url": "https://www.suse.com/security/cve/CVE-2025-68168"
},
{
"category": "external",
"summary": "SUSE Bug 1255100 for CVE-2025-68168",
"url": "https://bugzilla.suse.com/1255100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68168"
},
{
"cve": "CVE-2025-68170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68170"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: Do not kfree() devres managed rdev\n\nSince the allocation of the drivers main structure was changed to\ndevm_drm_dev_alloc() rdev is managed by devres and we shouldn\u0027t be calling\nkfree() on it.\n\nThis fixes things exploding if the driver probe fails and devres cleans up\nthe rdev after we already free\u0027d it.\n\n(cherry picked from commit 16c0681617b8a045773d4d87b6140002fa75b03b)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68170",
"url": "https://www.suse.com/security/cve/CVE-2025-68170"
},
{
"category": "external",
"summary": "SUSE Bug 1255256 for CVE-2025-68170",
"url": "https://bugzilla.suse.com/1255256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68170"
},
{
"cve": "CVE-2025-68172",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68172"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: aspeed - fix double free caused by devm\n\nThe clock obtained via devm_clk_get_enabled() is automatically managed\nby devres and will be disabled and freed on driver detach. Manually\ncalling clk_disable_unprepare() in error path and remove function\ncauses double free.\n\nRemove the manual clock cleanup in both aspeed_acry_probe()\u0027s error\npath and aspeed_acry_remove().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68172",
"url": "https://www.suse.com/security/cve/CVE-2025-68172"
},
{
"category": "external",
"summary": "SUSE Bug 1255253 for CVE-2025-68172",
"url": "https://bugzilla.suse.com/1255253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68172"
},
{
"cve": "CVE-2025-68176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: cadence: Check for the existence of cdns_pcie::ops before using it\n\ncdns_pcie::ops might not be populated by all the Cadence glue drivers. This\nis going to be true for the upcoming Sophgo platform which doesn\u0027t set the\nops.\n\nHence, add a check to prevent NULL pointer dereference.\n\n[mani: reworded subject and description]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68176",
"url": "https://www.suse.com/security/cve/CVE-2025-68176"
},
{
"category": "external",
"summary": "SUSE Bug 1255329 for CVE-2025-68176",
"url": "https://bugzilla.suse.com/1255329"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68176"
},
{
"cve": "CVE-2025-68180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68180"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix NULL deref in debugfs odm_combine_segments\n\nWhen a connector is connected but inactive (e.g., disabled by desktop\nenvironments), pipe_ctx-\u003estream_res.tg will be destroyed. Then, reading\nodm_combine_segments causes kernel NULL pointer dereference.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 16 UID: 0 PID: 26474 Comm: cat Not tainted 6.17.0+ #2 PREEMPT(lazy) e6a17af9ee6db7c63e9d90dbe5b28ccab67520c6\n Hardware name: LENOVO 21Q4/LNVNB161216, BIOS PXCN25WW 03/27/2025\n RIP: 0010:odm_combine_segments_show+0x93/0xf0 [amdgpu]\n Code: 41 83 b8 b0 00 00 00 01 75 6e 48 98 ba a1 ff ff ff 48 c1 e0 0c 48 8d 8c 07 d8 02 00 00 48 85 c9 74 2d 48 8b bc 07 f0 08 00 00 \u003c48\u003e 8b 07 48 8b 80 08 02 00\u003e\n RSP: 0018:ffffd1bf4b953c58 EFLAGS: 00010286\n RAX: 0000000000005000 RBX: ffff8e35976b02d0 RCX: ffff8e3aeed052d8\n RDX: 00000000ffffffa1 RSI: ffff8e35a3120800 RDI: 0000000000000000\n RBP: 0000000000000000 R08: ffff8e3580eb0000 R09: ffff8e35976b02d0\n R10: ffffd1bf4b953c78 R11: 0000000000000000 R12: ffffd1bf4b953d08\n R13: 0000000000040000 R14: 0000000000000001 R15: 0000000000000001\n FS: 00007f44d3f9f740(0000) GS:ffff8e3caa47f000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 00000006485c2000 CR4: 0000000000f50ef0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n seq_read_iter+0x125/0x490\n ? __alloc_frozen_pages_noprof+0x18f/0x350\n seq_read+0x12c/0x170\n full_proxy_read+0x51/0x80\n vfs_read+0xbc/0x390\n ? __handle_mm_fault+0xa46/0xef0\n ? do_syscall_64+0x71/0x900\n ksys_read+0x73/0xf0\n do_syscall_64+0x71/0x900\n ? count_memcg_events+0xc2/0x190\n ? handle_mm_fault+0x1d7/0x2d0\n ? do_user_addr_fault+0x21a/0x690\n ? exc_page_fault+0x7e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x6c/0x74\n RIP: 0033:0x7f44d4031687\n Code: 48 89 fa 4c 89 df e8 58 b3 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 \u003c5b\u003e c3 0f 1f 80 00 00 00 00\u003e\n RSP: 002b:00007ffdb4b5f0b0 EFLAGS: 00000202 ORIG_RAX: 0000000000000000\n RAX: ffffffffffffffda RBX: 00007f44d3f9f740 RCX: 00007f44d4031687\n RDX: 0000000000040000 RSI: 00007f44d3f5e000 RDI: 0000000000000003\n RBP: 0000000000040000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000202 R12: 00007f44d3f5e000\n R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000040000\n \u003c/TASK\u003e\n Modules linked in: tls tcp_diag inet_diag xt_mark ccm snd_hrtimer snd_seq_dummy snd_seq_midi snd_seq_oss snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device x\u003e\n snd_hda_codec_atihdmi snd_hda_codec_realtek_lib lenovo_wmi_helpers think_lmi snd_hda_codec_generic snd_hda_codec_hdmi snd_soc_core kvm snd_compress uvcvideo sn\u003e\n platform_profile joydev amd_pmc mousedev mac_hid sch_fq_codel uinput i2c_dev parport_pc ppdev lp parport nvme_fabrics loop nfnetlink ip_tables x_tables dm_cryp\u003e\n CR2: 0000000000000000\n ---[ end trace 0000000000000000 ]---\n RIP: 0010:odm_combine_segments_show+0x93/0xf0 [amdgpu]\n Code: 41 83 b8 b0 00 00 00 01 75 6e 48 98 ba a1 ff ff ff 48 c1 e0 0c 48 8d 8c 07 d8 02 00 00 48 85 c9 74 2d 48 8b bc 07 f0 08 00 00 \u003c48\u003e 8b 07 48 8b 80 08 02 00\u003e\n RSP: 0018:ffffd1bf4b953c58 EFLAGS: 00010286\n RAX: 0000000000005000 RBX: ffff8e35976b02d0 RCX: ffff8e3aeed052d8\n RDX: 00000000ffffffa1 RSI: ffff8e35a3120800 RDI: 0000000000000000\n RBP: 0000000000000000 R08: ffff8e3580eb0000 R09: ffff8e35976b02d0\n R10: ffffd1bf4b953c78 R11: 0000000000000000 R12: ffffd1bf4b953d08\n R13: 0000000000040000 R14: 0000000000000001 R15: 0000000000000001\n FS: 00007f44d3f9f740(0000) GS:ffff8e3caa47f000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 00000006485c2000 CR4: 0000000000f50ef0\n PKRU: 55555554\n\nFix this by checking pipe_ctx-\u003e\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68180",
"url": "https://www.suse.com/security/cve/CVE-2025-68180"
},
{
"category": "external",
"summary": "SUSE Bug 1255252 for CVE-2025-68180",
"url": "https://bugzilla.suse.com/1255252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68180"
},
{
"cve": "CVE-2025-68181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68181"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: Remove calls to drm_put_dev()\n\nSince the allocation of the drivers main structure was changed to\ndevm_drm_dev_alloc() drm_put_dev()\u0027ing to trigger it to be free\u0027d\nshould be done by devres.\n\nHowever, drm_put_dev() is still in the probe error and device remove\npaths. When the driver fails to probe warnings like the following are\nshown because devres is trying to drm_put_dev() after the driver\nalready did it.\n\n[ 5.642230] radeon 0000:01:05.0: probe with driver radeon failed with error -22\n[ 5.649605] ------------[ cut here ]------------\n[ 5.649607] refcount_t: underflow; use-after-free.\n[ 5.649620] WARNING: CPU: 0 PID: 357 at lib/refcount.c:28 refcount_warn_saturate+0xbe/0x110\n\n(cherry picked from commit 3eb8c0b4c091da0a623ade0d3ee7aa4a93df1ea4)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68181",
"url": "https://www.suse.com/security/cve/CVE-2025-68181"
},
{
"category": "external",
"summary": "SUSE Bug 1255247 for CVE-2025-68181",
"url": "https://bugzilla.suse.com/1255247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68181"
},
{
"cve": "CVE-2025-68183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68183"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: don\u0027t clear IMA_DIGSIG flag when setting or removing non-IMA xattr\n\nCurrently when both IMA and EVM are in fix mode, the IMA signature will\nbe reset to IMA hash if a program first stores IMA signature in\nsecurity.ima and then writes/removes some other security xattr for the\nfile.\n\nFor example, on Fedora, after booting the kernel with \"ima_appraise=fix\nevm=fix ima_policy=appraise_tcb\" and installing rpm-plugin-ima,\ninstalling/reinstalling a package will not make good reference IMA\nsignature generated. Instead IMA hash is generated,\n\n # getfattr -m - -d -e hex /usr/bin/bash\n # file: usr/bin/bash\n security.ima=0x0404...\n\nThis happens because when setting security.selinux, the IMA_DIGSIG flag\nthat had been set early was cleared. As a result, IMA hash is generated\nwhen the file is closed.\n\nSimilarly, IMA signature can be cleared on file close after removing\nsecurity xattr like security.evm or setting/removing ACL.\n\nPrevent replacing the IMA file signature with a file hash, by preventing\nthe IMA_DIGSIG flag from being reset.\n\nHere\u0027s a minimal C reproducer which sets security.selinux as the last\nstep which can also replaced by removing security.evm or setting ACL,\n\n #include \u003cstdio.h\u003e\n #include \u003csys/xattr.h\u003e\n #include \u003cfcntl.h\u003e\n #include \u003cunistd.h\u003e\n #include \u003cstring.h\u003e\n #include \u003cstdlib.h\u003e\n\n int main() {\n const char* file_path = \"/usr/sbin/test_binary\";\n const char* hex_string = \"030204d33204490066306402304\";\n int length = strlen(hex_string);\n char* ima_attr_value;\n int fd;\n\n fd = open(file_path, O_WRONLY|O_CREAT|O_EXCL, 0644);\n if (fd == -1) {\n perror(\"Error opening file\");\n return 1;\n }\n\n ima_attr_value = (char*)malloc(length / 2 );\n for (int i = 0, j = 0; i \u003c length; i += 2, j++) {\n sscanf(hex_string + i, \"%2hhx\", \u0026ima_attr_value[j]);\n }\n\n if (fsetxattr(fd, \"security.ima\", ima_attr_value, length/2, 0) == -1) {\n perror(\"Error setting extended attribute\");\n close(fd);\n return 1;\n }\n\n const char* selinux_value= \"system_u:object_r:bin_t:s0\";\n if (fsetxattr(fd, \"security.selinux\", selinux_value, strlen(selinux_value), 0) == -1) {\n perror(\"Error setting extended attribute\");\n close(fd);\n return 1;\n }\n\n close(fd);\n\n return 0;\n }",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68183",
"url": "https://www.suse.com/security/cve/CVE-2025-68183"
},
{
"category": "external",
"summary": "SUSE Bug 1255251 for CVE-2025-68183",
"url": "https://bugzilla.suse.com/1255251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68183"
},
{
"cve": "CVE-2025-68184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68184"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Disable AFBC support on Mediatek DRM driver\n\nCommit c410fa9b07c3 (\"drm/mediatek: Add AFBC support to Mediatek DRM\ndriver\") added AFBC support to Mediatek DRM and enabled the\n32x8/split/sparse modifier.\n\nHowever, this is currently broken on Mediatek MT8188 (Genio 700 EVK\nplatform); tested using upstream Kernel and Mesa (v25.2.1), AFBC is used by\ndefault since Mesa v25.0.\n\nKernel trace reports vblank timeouts constantly, and the render is garbled:\n\n```\n[CRTC:62:crtc-0] vblank wait timed out\nWARNING: CPU: 7 PID: 70 at drivers/gpu/drm/drm_atomic_helper.c:1835 drm_atomic_helper_wait_for_vblanks.part.0+0x24c/0x27c\n[...]\nHardware name: MediaTek Genio-700 EVK (DT)\nWorkqueue: events_unbound commit_work\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : drm_atomic_helper_wait_for_vblanks.part.0+0x24c/0x27c\nlr : drm_atomic_helper_wait_for_vblanks.part.0+0x24c/0x27c\nsp : ffff80008337bca0\nx29: ffff80008337bcd0 x28: 0000000000000061 x27: 0000000000000000\nx26: 0000000000000001 x25: 0000000000000000 x24: ffff0000c9dcc000\nx23: 0000000000000001 x22: 0000000000000000 x21: ffff0000c66f2f80\nx20: ffff0000c0d7d880 x19: 0000000000000000 x18: 000000000000000a\nx17: 000000040044ffff x16: 005000f2b5503510 x15: 0000000000000000\nx14: 0000000000000000 x13: 74756f2064656d69 x12: 742074696177206b\nx11: 0000000000000058 x10: 0000000000000018 x9 : ffff800082396a70\nx8 : 0000000000057fa8 x7 : 0000000000000cce x6 : ffff8000823eea70\nx5 : ffff0001fef5f408 x4 : ffff80017ccee000 x3 : ffff0000c12cb480\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000c12cb480\nCall trace:\n drm_atomic_helper_wait_for_vblanks.part.0+0x24c/0x27c (P)\n drm_atomic_helper_commit_tail_rpm+0x64/0x80\n commit_tail+0xa4/0x1a4\n commit_work+0x14/0x20\n process_one_work+0x150/0x290\n worker_thread+0x2d0/0x3ec\n kthread+0x12c/0x210\n ret_from_fork+0x10/0x20\n---[ end trace 0000000000000000 ]---\n```\n\nUntil this gets fixed upstream, disable AFBC support on this platform, as\nit\u0027s currently broken with upstream Mesa.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68184",
"url": "https://www.suse.com/security/cve/CVE-2025-68184"
},
{
"category": "external",
"summary": "SUSE Bug 1255220 for CVE-2025-68184",
"url": "https://bugzilla.suse.com/1255220"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68184"
},
{
"cve": "CVE-2025-68185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs4_setup_readdir(): insufficient locking for -\u003ed_parent-\u003ed_inode dereferencing\n\nTheoretically it\u0027s an oopsable race, but I don\u0027t believe one can manage\nto hit it on real hardware; might become doable on a KVM, but it still\nwon\u0027t be easy to attack.\n\nAnyway, it\u0027s easy to deal with - since xdr_encode_hyper() is just a call of\nput_unaligned_be64(), we can put that under -\u003ed_lock and be done with that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68185",
"url": "https://www.suse.com/security/cve/CVE-2025-68185"
},
{
"category": "external",
"summary": "SUSE Bug 1255135 for CVE-2025-68185",
"url": "https://bugzilla.suse.com/1255135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68185"
},
{
"cve": "CVE-2025-68190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68190"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()\n\nkcalloc() may fail. When WS is non-zero and allocation fails, ectx.ws\nremains NULL while ectx.ws_size is set, leading to a potential NULL\npointer dereference in atom_get_src_int() when accessing WS entries.\n\nReturn -ENOMEM on allocation failure to avoid the NULL dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68190",
"url": "https://www.suse.com/security/cve/CVE-2025-68190"
},
{
"category": "external",
"summary": "SUSE Bug 1255131 for CVE-2025-68190",
"url": "https://bugzilla.suse.com/1255131"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68190"
},
{
"cve": "CVE-2025-68192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68192"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup\n\nRaw IP packets have no MAC header, leaving skb-\u003emac_header uninitialized.\nThis can trigger kernel panics on ARM64 when xfrm or other subsystems\naccess the offset due to strict alignment checks.\n\nInitialize the MAC header to prevent such crashes.\n\nThis can trigger kernel panics on ARM when running IPsec over the\nqmimux0 interface.\n\nExample trace:\n\n Internal error: Oops: 000000009600004f [#1] SMP\n CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.34-gbe78e49cb433 #1\n Hardware name: LS1028A RDB Board (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : xfrm_input+0xde8/0x1318\n lr : xfrm_input+0x61c/0x1318\n sp : ffff800080003b20\n Call trace:\n xfrm_input+0xde8/0x1318\n xfrm6_rcv+0x38/0x44\n xfrm6_esp_rcv+0x48/0xa8\n ip6_protocol_deliver_rcu+0x94/0x4b0\n ip6_input_finish+0x44/0x70\n ip6_input+0x44/0xc0\n ipv6_rcv+0x6c/0x114\n __netif_receive_skb_one_core+0x5c/0x8c\n __netif_receive_skb+0x18/0x60\n process_backlog+0x78/0x17c\n __napi_poll+0x38/0x180\n net_rx_action+0x168/0x2f0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68192",
"url": "https://www.suse.com/security/cve/CVE-2025-68192"
},
{
"category": "external",
"summary": "SUSE Bug 1255246 for CVE-2025-68192",
"url": "https://bugzilla.suse.com/1255246"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68192"
},
{
"cve": "CVE-2025-68194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68194"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imon: make send_packet() more robust\n\nsyzbot is reporting that imon has three problems which result in\nhung tasks due to forever holding device lock [1].\n\nFirst problem is that when usb_rx_callback_intf0() once got -EPROTO error\nafter ictx-\u003edev_present_intf0 became true, usb_rx_callback_intf0()\nresubmits urb after printk(), and resubmitted urb causes\nusb_rx_callback_intf0() to again get -EPROTO error. This results in\nprintk() flooding (RCU stalls).\n\nAlan Stern commented [2] that\n\n In theory it\u0027s okay to resubmit _if_ the driver has a robust\n error-recovery scheme (such as giving up after some fixed limit on the\n number of errors or after some fixed time has elapsed, perhaps with a\n time delay to prevent a flood of errors). Most drivers don\u0027t bother to\n do this; they simply give up right away. This makes them more\n vulnerable to short-term noise interference during USB transfers, but in\n reality such interference is quite rare. There\u0027s nothing really wrong\n with giving up right away.\n\nbut imon has a poor error-recovery scheme which just retries forever;\nthis behavior should be fixed.\n\nSince I\u0027m not sure whether it is safe for imon users to give up upon any\nerror code, this patch takes care of only union of error codes chosen from\nmodules in drivers/media/rc/ directory which handle -EPROTO error (i.e.\nir_toy, mceusb and igorplugusb).\n\nSecond problem is that when usb_rx_callback_intf0() once got -EPROTO error\nbefore ictx-\u003edev_present_intf0 becomes true, usb_rx_callback_intf0() always\nresubmits urb due to commit 8791d63af0cf (\"[media] imon: don\u0027t wedge\nhardware after early callbacks\"). Move the ictx-\u003edev_present_intf0 test\nintroduced by commit 6f6b90c9231a (\"[media] imon: don\u0027t parse scancodes\nuntil intf configured\") to immediately before imon_incoming_packet(), or\nthe first problem explained above happens without printk() flooding (i.e.\nhung task).\n\nThird problem is that when usb_rx_callback_intf0() is not called for some\nreason (e.g. flaky hardware; the reproducer for this problem sometimes\nprevents usb_rx_callback_intf0() from being called),\nwait_for_completion_interruptible() in send_packet() never returns (i.e.\nhung task). As a workaround for such situation, change send_packet() to\nwait for completion with timeout of 10 seconds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68194",
"url": "https://www.suse.com/security/cve/CVE-2025-68194"
},
{
"category": "external",
"summary": "SUSE Bug 1255325 for CVE-2025-68194",
"url": "https://bugzilla.suse.com/1255325"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68194"
},
{
"cve": "CVE-2025-68195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68195"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode\n\nRunning x86_match_min_microcode_rev() on a Zen5 CPU trips up KASAN for an out\nof bounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68195",
"url": "https://www.suse.com/security/cve/CVE-2025-68195"
},
{
"category": "external",
"summary": "SUSE Bug 1255259 for CVE-2025-68195",
"url": "https://bugzilla.suse.com/1255259"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68195"
},
{
"cve": "CVE-2025-68197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68197"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap()\n\nWith older FW, we may get the ASYNC_EVENT_CMPL_EVENT_ID_DBG_BUF_PRODUCER\nfor FW trace data type that has not been initialized. This will result\nin a crash in bnxt_bs_trace_type_wrap(). Add a guard to check for a\nvalid magic_byte pointer before proceeding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68197",
"url": "https://www.suse.com/security/cve/CVE-2025-68197"
},
{
"category": "external",
"summary": "SUSE Bug 1255242 for CVE-2025-68197",
"url": "https://bugzilla.suse.com/1255242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68197"
},
{
"cve": "CVE-2025-68201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68201"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: remove two invalid BUG_ON()s\n\nThose can be triggered trivially by userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68201",
"url": "https://www.suse.com/security/cve/CVE-2025-68201"
},
{
"category": "external",
"summary": "SUSE Bug 1255136 for CVE-2025-68201",
"url": "https://bugzilla.suse.com/1255136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68201"
},
{
"cve": "CVE-2025-68204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68204"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: arm: scmi: Fix genpd leak on provider registration failure\n\nIf of_genpd_add_provider_onecell() fails during probe, the previously\ncreated generic power domains are not removed, leading to a memory leak\nand potential kernel crash later in genpd_debug_add().\n\nAdd proper error handling to unwind the initialized domains before\nreturning from probe to ensure all resources are correctly released on\nfailure.\n\nExample crash trace observed without this fix:\n\n | Unable to handle kernel paging request at virtual address fffffffffffffc70\n | CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.18.0-rc1 #405 PREEMPT\n | Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform\n | pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n | pc : genpd_debug_add+0x2c/0x160\n | lr : genpd_debug_init+0x74/0x98\n | Call trace:\n | genpd_debug_add+0x2c/0x160 (P)\n | genpd_debug_init+0x74/0x98\n | do_one_initcall+0xd0/0x2d8\n | do_initcall_level+0xa0/0x140\n | do_initcalls+0x60/0xa8\n | do_basic_setup+0x28/0x40\n | kernel_init_freeable+0xe8/0x170\n | kernel_init+0x2c/0x140\n | ret_from_fork+0x10/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68204",
"url": "https://www.suse.com/security/cve/CVE-2025-68204"
},
{
"category": "external",
"summary": "SUSE Bug 1255224 for CVE-2025-68204",
"url": "https://bugzilla.suse.com/1255224"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68204"
},
{
"cve": "CVE-2025-68206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68206"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_ct: add seqadj extension for natted connections\n\nSequence adjustment may be required for FTP traffic with PASV/EPSV modes.\ndue to need to re-write packet payload (IP, port) on the ftp control\nconnection. This can require changes to the TCP length and expected\nseq / ack_seq.\n\nThe easiest way to reproduce this issue is with PASV mode.\nExample ruleset:\ntable inet ftp_nat {\n ct helper ftp_helper {\n type \"ftp\" protocol tcp\n l3proto inet\n }\n\n chain prerouting {\n type filter hook prerouting priority 0; policy accept;\n tcp dport 21 ct state new ct helper set \"ftp_helper\"\n }\n}\ntable ip nat {\n chain prerouting {\n type nat hook prerouting priority -100; policy accept;\n tcp dport 21 dnat ip prefix to ip daddr map {\n\t\t\t192.168.100.1 : 192.168.13.2/32 }\n }\n\n chain postrouting {\n type nat hook postrouting priority 100 ; policy accept;\n tcp sport 21 snat ip prefix to ip saddr map {\n\t\t\t192.168.13.2 : 192.168.100.1/32 }\n }\n}\n\nNote that the ftp helper gets assigned *after* the dnat setup.\n\nThe inverse (nat after helper assign) is handled by an existing\ncheck in nf_nat_setup_info() and will not show the problem.\n\nTopoloy:\n\n +-------------------+ +----------------------------------+\n | FTP: 192.168.13.2 | \u003c-\u003e | NAT: 192.168.13.3, 192.168.100.1 |\n +-------------------+ +----------------------------------+\n |\n +-----------------------+\n | Client: 192.168.100.2 |\n +-----------------------+\n\nftp nat changes do not work as expected in this case:\nConnected to 192.168.100.1.\n[..]\nftp\u003e epsv\nEPSV/EPRT on IPv4 off.\nftp\u003e ls\n227 Entering passive mode (192,168,100,1,209,129).\n421 Service not available, remote server has closed connection.\n\nKernel logs:\nMissing nfct_seqadj_ext_add() setup call\nWARNING: CPU: 1 PID: 0 at net/netfilter/nf_conntrack_seqadj.c:41\n[..]\n __nf_nat_mangle_tcp_packet+0x100/0x160 [nf_nat]\n nf_nat_ftp+0x142/0x280 [nf_nat_ftp]\n help+0x4d1/0x880 [nf_conntrack_ftp]\n nf_confirm+0x122/0x2e0 [nf_conntrack]\n nf_hook_slow+0x3c/0xb0\n ..\n\nFix this by adding the required extension when a conntrack helper is assigned\nto a connection that has a nat binding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68206",
"url": "https://www.suse.com/security/cve/CVE-2025-68206"
},
{
"category": "external",
"summary": "SUSE Bug 1255142 for CVE-2025-68206",
"url": "https://bugzilla.suse.com/1255142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68206"
},
{
"cve": "CVE-2025-68207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68207"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/guc: Synchronize Dead CT worker with unbind\n\nCancel and wait for any Dead CT worker to complete before continuing\nwith device unbinding. Else the worker will end up using resources freed\nby the undind operation.\n\n(cherry picked from commit 492671339114e376aaa38626d637a2751cdef263)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68207",
"url": "https://www.suse.com/security/cve/CVE-2025-68207"
},
{
"category": "external",
"summary": "SUSE Bug 1255234 for CVE-2025-68207",
"url": "https://bugzilla.suse.com/1255234"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68207"
},
{
"cve": "CVE-2025-68208",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68208"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: account for current allocated stack depth in widen_imprecise_scalars()\n\nThe usage pattern for widen_imprecise_scalars() looks as follows:\n\n prev_st = find_prev_entry(env, ...);\n queued_st = push_stack(...);\n widen_imprecise_scalars(env, prev_st, queued_st);\n\nWhere prev_st is an ancestor of the queued_st in the explored states\ntree. This ancestor is not guaranteed to have same allocated stack\ndepth as queued_st. E.g. in the following case:\n\n def main():\n for i in 1..2:\n foo(i) // same callsite, differnt param\n\n def foo(i):\n if i == 1:\n use 128 bytes of stack\n iterator based loop\n\nHere, for a second \u0027foo\u0027 call prev_st-\u003eallocated_stack is 128,\nwhile queued_st-\u003eallocated_stack is much smaller.\nwiden_imprecise_scalars() needs to take this into account and avoid\naccessing bpf_verifier_state-\u003eframe[*]-\u003estack out of bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68208",
"url": "https://www.suse.com/security/cve/CVE-2025-68208"
},
{
"category": "external",
"summary": "SUSE Bug 1255227 for CVE-2025-68208",
"url": "https://bugzilla.suse.com/1255227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68208"
},
{
"cve": "CVE-2025-68209",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68209"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlx5: Fix default values in create CQ\n\nCurrently, CQs without a completion function are assigned the\nmlx5_add_cq_to_tasklet function by default. This is problematic since\nonly user CQs created through the mlx5_ib driver are intended to use\nthis function.\n\nAdditionally, all CQs that will use doorbells instead of polling for\ncompletions must call mlx5_cq_arm. However, the default CQ creation flow\nleaves a valid value in the CQ\u0027s arm_db field, allowing FW to send\ninterrupts to polling-only CQs in certain corner cases.\n\nThese two factors would allow a polling-only kernel CQ to be triggered\nby an EQ interrupt and call a completion function intended only for user\nCQs, causing a null pointer exception.\n\nSome areas in the driver have prevented this issue with one-off fixes\nbut did not address the root cause.\n\nThis patch fixes the described issue by adding defaults to the create CQ\nflow. It adds a default dummy completion function to protect against\nnull pointer exceptions, and it sets an invalid command sequence number\nby default in kernel CQs to prevent the FW from sending an interrupt to\nthe CQ until it is armed. User CQs are responsible for their own\ninitialization values.\n\nCallers of mlx5_core_create_cq are responsible for changing the\ncompletion function and arming the CQ per their needs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68209",
"url": "https://www.suse.com/security/cve/CVE-2025-68209"
},
{
"category": "external",
"summary": "SUSE Bug 1255230 for CVE-2025-68209",
"url": "https://bugzilla.suse.com/1255230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68209"
},
{
"cve": "CVE-2025-68217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68217"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: pegasus-notetaker - fix potential out-of-bounds access\n\nIn the pegasus_notetaker driver, the pegasus_probe() function allocates\nthe URB transfer buffer using the wMaxPacketSize value from\nthe endpoint descriptor. An attacker can use a malicious USB descriptor\nto force the allocation of a very small buffer.\n\nSubsequently, if the device sends an interrupt packet with a specific\npattern (e.g., where the first byte is 0x80 or 0x42),\nthe pegasus_parse_packet() function parses the packet without checking\nthe allocated buffer size. This leads to an out-of-bounds memory access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68217",
"url": "https://www.suse.com/security/cve/CVE-2025-68217"
},
{
"category": "external",
"summary": "SUSE Bug 1255221 for CVE-2025-68217",
"url": "https://bugzilla.suse.com/1255221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68217"
},
{
"cve": "CVE-2025-68218",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68218"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-multipath: fix lockdep WARN due to partition scan work\n\nBlktests test cases nvme/014, 057 and 058 fail occasionally due to a\nlockdep WARN. As reported in the Closes tag URL, the WARN indicates that\na deadlock can happen due to the dependency among disk-\u003eopen_mutex,\nkblockd workqueue completion and partition_scan_work completion.\n\nTo avoid the lockdep WARN and the potential deadlock, cut the dependency\nby running the partition_scan_work not by kblockd workqueue but by\nnvme_wq.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68218",
"url": "https://www.suse.com/security/cve/CVE-2025-68218"
},
{
"category": "external",
"summary": "SUSE Bug 1255245 for CVE-2025-68218",
"url": "https://bugzilla.suse.com/1255245"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68218"
},
{
"cve": "CVE-2025-68222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68222"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc\n\ns32_pinctrl_desc is allocated with devm_kmalloc(), but not all of its\nfields are initialized. Notably, num_custom_params is used in\npinconf_generic_parse_dt_config(), resulting in intermittent allocation\nerrors, such as the following splat when probing i2c-imx:\n\n WARNING: CPU: 0 PID: 176 at mm/page_alloc.c:4795 __alloc_pages_noprof+0x290/0x300\n [...]\n Hardware name: NXP S32G3 Reference Design Board 3 (S32G-VNP-RDB3) (DT)\n [...]\n Call trace:\n __alloc_pages_noprof+0x290/0x300 (P)\n ___kmalloc_large_node+0x84/0x168\n __kmalloc_large_node_noprof+0x34/0x120\n __kmalloc_noprof+0x2ac/0x378\n pinconf_generic_parse_dt_config+0x68/0x1a0\n s32_dt_node_to_map+0x104/0x248\n dt_to_map_one_config+0x154/0x1d8\n pinctrl_dt_to_map+0x12c/0x280\n create_pinctrl+0x6c/0x270\n pinctrl_get+0xc0/0x170\n devm_pinctrl_get+0x50/0xa0\n pinctrl_bind_pins+0x60/0x2a0\n really_probe+0x60/0x3a0\n [...]\n __platform_driver_register+0x2c/0x40\n i2c_adap_imx_init+0x28/0xff8 [i2c_imx]\n [...]\n\nThis results in later parse failures that can cause issues in dependent\ndrivers:\n\n s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c0-pins/i2c0-grp0: could not parse node property\n s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c0-pins/i2c0-grp0: could not parse node property\n [...]\n pca953x 0-0022: failed writing register: -6\n i2c i2c-0: IMX I2C adapter registered\n s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c2-pins/i2c2-grp0: could not parse node property\n s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c2-pins/i2c2-grp0: could not parse node property\n i2c i2c-1: IMX I2C adapter registered\n s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c4-pins/i2c4-grp0: could not parse node property\n s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c4-pins/i2c4-grp0: could not parse node property\n i2c i2c-2: IMX I2C adapter registered\n\nFix this by initializing s32_pinctrl_desc with devm_kzalloc() instead of\ndevm_kmalloc() in s32_pinctrl_probe(), which sets the previously\nuninitialized fields to zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68222",
"url": "https://www.suse.com/security/cve/CVE-2025-68222"
},
{
"category": "external",
"summary": "SUSE Bug 1255218 for CVE-2025-68222",
"url": "https://bugzilla.suse.com/1255218"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68222"
},
{
"cve": "CVE-2025-68223",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68223"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: delete radeon_fence_process in is_signaled, no deadlock\n\nDelete the attempt to progress the queue when checking if fence is\nsignaled. This avoids deadlock.\n\ndma-fence_ops::signaled can be called with the fence lock in unknown\nstate. For radeon, the fence lock is also the wait queue lock. This can\ncause a self deadlock when signaled() tries to make forward progress on\nthe wait queue. But advancing the queue is unneeded because incorrectly\nreturning false from signaled() is perfectly acceptable.\n\n(cherry picked from commit 527ba26e50ec2ca2be9c7c82f3ad42998a75d0db)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68223",
"url": "https://www.suse.com/security/cve/CVE-2025-68223"
},
{
"category": "external",
"summary": "SUSE Bug 1255357 for CVE-2025-68223",
"url": "https://bugzilla.suse.com/1255357"
},
{
"category": "external",
"summary": "SUSE Bug 1255358 for CVE-2025-68223",
"url": "https://bugzilla.suse.com/1255358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "important"
}
],
"title": "CVE-2025-68223"
},
{
"cve": "CVE-2025-68230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68230"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix gpu page fault after hibernation on PF passthrough\n\nOn PF passthrough environment, after hibernate and then resume, coralgemm\nwill cause gpu page fault.\n\nMode1 reset happens during hibernate, but partition mode is not restored\non resume, register mmCP_HYP_XCP_CTL and mmCP_PSP_XCP_CTL is not right\nafter resume. When CP access the MQD BO, wrong stride size is used,\nthis will cause out of bound access on the MQD BO, resulting page fault.\n\nThe fix is to ensure gfx_v9_4_3_switch_compute_partition() is called\nwhen resume from a hibernation.\nKFD resume is called separately during a reset recovery or resume from\nsuspend sequence. Hence it\u0027s not required to be called as part of\npartition switch.\n\n(cherry picked from commit 5d1b32cfe4a676fe552416cb5ae847b215463a1a)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68230",
"url": "https://www.suse.com/security/cve/CVE-2025-68230"
},
{
"category": "external",
"summary": "SUSE Bug 1255134 for CVE-2025-68230",
"url": "https://bugzilla.suse.com/1255134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68230"
},
{
"cve": "CVE-2025-68233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68233"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tegra: Add call to put_pid()\n\nAdd a call to put_pid() corresponding to get_task_pid().\nhost1x_memory_context_alloc() does not take ownership of the PID so we\nneed to free it here to avoid leaking.\n\n[mperttunen@nvidia.com: reword commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68233",
"url": "https://www.suse.com/security/cve/CVE-2025-68233"
},
{
"category": "external",
"summary": "SUSE Bug 1255206 for CVE-2025-68233",
"url": "https://bugzilla.suse.com/1255206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68233"
},
{
"cve": "CVE-2025-68235",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68235"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot\n\nnvkm_falcon_fw::boot is allocated, but no one frees it. This causes a\nkmemleak warning.\n\nMake sure this data is deallocated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68235",
"url": "https://www.suse.com/security/cve/CVE-2025-68235"
},
{
"category": "external",
"summary": "SUSE Bug 1255209 for CVE-2025-68235",
"url": "https://bugzilla.suse.com/1255209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68235"
},
{
"cve": "CVE-2025-68237",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68237"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtdchar: fix integer overflow in read/write ioctls\n\nThe \"req.start\" and \"req.len\" variables are u64 values that come from the\nuser at the start of the function. We mask away the high 32 bits of\n\"req.len\" so that\u0027s capped at U32_MAX but the \"req.start\" variable can go\nup to U64_MAX which means that the addition can still integer overflow.\n\nUse check_add_overflow() to fix this bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68237",
"url": "https://www.suse.com/security/cve/CVE-2025-68237"
},
{
"category": "external",
"summary": "SUSE Bug 1255203 for CVE-2025-68237",
"url": "https://bugzilla.suse.com/1255203"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68237"
},
{
"cve": "CVE-2025-68238",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68238"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: cadence: fix DMA device NULL pointer dereference\n\nThe DMA device pointer `dma_dev` was being dereferenced before ensuring\nthat `cdns_ctrl-\u003edmac` is properly initialized.\n\nMove the assignment of `dma_dev` after successfully acquiring the DMA\nchannel to ensure the pointer is valid before use.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68238",
"url": "https://www.suse.com/security/cve/CVE-2025-68238"
},
{
"category": "external",
"summary": "SUSE Bug 1255202 for CVE-2025-68238",
"url": "https://bugzilla.suse.com/1255202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68238"
},
{
"cve": "CVE-2025-68239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinfmt_misc: restore write access before closing files opened by open_exec()\n\nbm_register_write() opens an executable file using open_exec(), which\ninternally calls do_open_execat() and denies write access on the file to\navoid modification while it is being executed.\n\nHowever, when an error occurs, bm_register_write() closes the file using\nfilp_close() directly. This does not restore the write permission, which\nmay cause subsequent write operations on the same file to fail.\n\nFix this by calling exe_file_allow_write_access() before filp_close() to\nrestore the write permission properly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68239",
"url": "https://www.suse.com/security/cve/CVE-2025-68239"
},
{
"category": "external",
"summary": "SUSE Bug 1255272 for CVE-2025-68239",
"url": "https://bugzilla.suse.com/1255272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68239"
},
{
"cve": "CVE-2025-68244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68244"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD\n\nOn completion of i915_vma_pin_ww(), a synchronous variant of\ndma_fence_work_commit() is called. When pinning a VMA to GGTT address\nspace on a Cherry View family processor, or on a Broxton generation SoC\nwith VTD enabled, i.e., when stop_machine() is then called from\nintel_ggtt_bind_vma(), that can potentially lead to lock inversion among\nreservation_ww and cpu_hotplug locks.\n\n[86.861179] ======================================================\n[86.861193] WARNING: possible circular locking dependency detected\n[86.861209] 6.15.0-rc5-CI_DRM_16515-gca0305cadc2d+ #1 Tainted: G U\n[86.861226] ------------------------------------------------------\n[86.861238] i915_module_loa/1432 is trying to acquire lock:\n[86.861252] ffffffff83489090 (cpu_hotplug_lock){++++}-{0:0}, at: stop_machine+0x1c/0x50\n[86.861290]\nbut task is already holding lock:\n[86.861303] ffffc90002e0b4c8 (reservation_ww_class_mutex){+.+.}-{3:3}, at: i915_vma_pin.constprop.0+0x39/0x1d0 [i915]\n[86.862233]\nwhich lock already depends on the new lock.\n[86.862251]\nthe existing dependency chain (in reverse order) is:\n[86.862265]\n-\u003e #5 (reservation_ww_class_mutex){+.+.}-{3:3}:\n[86.862292] dma_resv_lockdep+0x19a/0x390\n[86.862315] do_one_initcall+0x60/0x3f0\n[86.862334] kernel_init_freeable+0x3cd/0x680\n[86.862353] kernel_init+0x1b/0x200\n[86.862369] ret_from_fork+0x47/0x70\n[86.862383] ret_from_fork_asm+0x1a/0x30\n[86.862399]\n-\u003e #4 (reservation_ww_class_acquire){+.+.}-{0:0}:\n[86.862425] dma_resv_lockdep+0x178/0x390\n[86.862440] do_one_initcall+0x60/0x3f0\n[86.862454] kernel_init_freeable+0x3cd/0x680\n[86.862470] kernel_init+0x1b/0x200\n[86.862482] ret_from_fork+0x47/0x70\n[86.862495] ret_from_fork_asm+0x1a/0x30\n[86.862509]\n-\u003e #3 (\u0026mm-\u003emmap_lock){++++}-{3:3}:\n[86.862531] down_read_killable+0x46/0x1e0\n[86.862546] lock_mm_and_find_vma+0xa2/0x280\n[86.862561] do_user_addr_fault+0x266/0x8e0\n[86.862578] exc_page_fault+0x8a/0x2f0\n[86.862593] asm_exc_page_fault+0x27/0x30\n[86.862607] filldir64+0xeb/0x180\n[86.862620] kernfs_fop_readdir+0x118/0x480\n[86.862635] iterate_dir+0xcf/0x2b0\n[86.862648] __x64_sys_getdents64+0x84/0x140\n[86.862661] x64_sys_call+0x1058/0x2660\n[86.862675] do_syscall_64+0x91/0xe90\n[86.862689] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[86.862703]\n-\u003e #2 (\u0026root-\u003ekernfs_rwsem){++++}-{3:3}:\n[86.862725] down_write+0x3e/0xf0\n[86.862738] kernfs_add_one+0x30/0x3c0\n[86.862751] kernfs_create_dir_ns+0x53/0xb0\n[86.862765] internal_create_group+0x134/0x4c0\n[86.862779] sysfs_create_group+0x13/0x20\n[86.862792] topology_add_dev+0x1d/0x30\n[86.862806] cpuhp_invoke_callback+0x4b5/0x850\n[86.862822] cpuhp_issue_call+0xbf/0x1f0\n[86.862836] __cpuhp_setup_state_cpuslocked+0x111/0x320\n[86.862852] __cpuhp_setup_state+0xb0/0x220\n[86.862866] topology_sysfs_init+0x30/0x50\n[86.862879] do_one_initcall+0x60/0x3f0\n[86.862893] kernel_init_freeable+0x3cd/0x680\n[86.862908] kernel_init+0x1b/0x200\n[86.862921] ret_from_fork+0x47/0x70\n[86.862934] ret_from_fork_asm+0x1a/0x30\n[86.862947]\n-\u003e #1 (cpuhp_state_mutex){+.+.}-{3:3}:\n[86.862969] __mutex_lock+0xaa/0xed0\n[86.862982] mutex_lock_nested+0x1b/0x30\n[86.862995] __cpuhp_setup_state_cpuslocked+0x67/0x320\n[86.863012] __cpuhp_setup_state+0xb0/0x220\n[86.863026] page_alloc_init_cpuhp+0x2d/0x60\n[86.863041] mm_core_init+0x22/0x2d0\n[86.863054] start_kernel+0x576/0xbd0\n[86.863068] x86_64_start_reservations+0x18/0x30\n[86.863084] x86_64_start_kernel+0xbf/0x110\n[86.863098] common_startup_64+0x13e/0x141\n[86.863114]\n-\u003e #0 (cpu_hotplug_lock){++++}-{0:0}:\n[86.863135] __lock_acquire+0x16\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68244",
"url": "https://www.suse.com/security/cve/CVE-2025-68244"
},
{
"category": "external",
"summary": "SUSE Bug 1255190 for CVE-2025-68244",
"url": "https://bugzilla.suse.com/1255190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68244"
},
{
"cve": "CVE-2025-68249",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68249"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmost: usb: hdm_probe: Fix calling put_device() before device initialization\n\nThe early error path in hdm_probe() can jump to err_free_mdev before\n\u0026mdev-\u003edev has been initialized with device_initialize(). Calling\nput_device(\u0026mdev-\u003edev) there triggers a device core WARN and ends up\ninvoking kref_put(\u0026kobj-\u003ekref, kobject_release) on an uninitialized\nkobject.\n\nIn this path the private struct was only kmalloc\u0027ed and the intended\nrelease is effectively kfree(mdev) anyway, so free it directly instead\nof calling put_device() on an uninitialized device.\n\nThis removes the WARNING and fixes the pre-initialization error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68249",
"url": "https://www.suse.com/security/cve/CVE-2025-68249"
},
{
"category": "external",
"summary": "SUSE Bug 1255233 for CVE-2025-68249",
"url": "https://bugzilla.suse.com/1255233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68249"
},
{
"cve": "CVE-2025-68252",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68252"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup\n\nIn fastrpc_map_lookup, dma_buf_get is called to obtain a reference to\nthe dma_buf for comparison purposes. However, this reference is never\nreleased when the function returns, leading to a dma_buf memory leak.\n\nFix this by adding dma_buf_put before returning from the function,\nensuring that the temporarily acquired reference is properly released\nregardless of whether a matching map is found.\n\nRule: add",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68252",
"url": "https://www.suse.com/security/cve/CVE-2025-68252"
},
{
"category": "external",
"summary": "SUSE Bug 1255197 for CVE-2025-68252",
"url": "https://bugzilla.suse.com/1255197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68252"
},
{
"cve": "CVE-2025-68255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68255"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing\n\nThe Supported Rates IE length from an incoming Association Request frame\nwas used directly as the memcpy() length when copying into a fixed-size\n16-byte stack buffer (supportRate). A malicious station can advertise an\nIE length larger than 16 bytes, causing a stack buffer overflow.\n\nClamp ie_len to the buffer size before copying the Supported Rates IE,\nand correct the bounds check when merging Extended Supported Rates to\nprevent a second potential overflow.\n\nThis prevents kernel stack corruption triggered by malformed association\nrequests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68255",
"url": "https://www.suse.com/security/cve/CVE-2025-68255"
},
{
"category": "external",
"summary": "SUSE Bug 1255395 for CVE-2025-68255",
"url": "https://bugzilla.suse.com/1255395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68255"
},
{
"cve": "CVE-2025-68257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68257"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: check device\u0027s attached status in compat ioctls\n\nSyzbot identified an issue [1] that crashes kernel, seemingly due to\nunexistent callback dev-\u003eget_valid_routes(). By all means, this should\nnot occur as said callback must always be set to\nget_zero_valid_routes() in __comedi_device_postconfig().\n\nAs the crash seems to appear exclusively in i386 kernels, at least,\njudging from [1] reports, the blame lies with compat versions\nof standard IOCTL handlers. Several of them are modified and\ndo not use comedi_unlocked_ioctl(). While functionality of these\nioctls essentially copy their original versions, they do not\nhave required sanity check for device\u0027s attached status. This,\nin turn, leads to a possibility of calling select IOCTLs on a\ndevice that has not been properly setup, even via COMEDI_DEVCONFIG.\n\nDoing so on unconfigured devices means that several crucial steps\nare missed, for instance, specifying dev-\u003eget_valid_routes()\ncallback.\n\nFix this somewhat crudely by ensuring device\u0027s attached status before\nperforming any ioctls, improving logic consistency between modern\nand compat functions.\n\n[1] Syzbot report:\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n...\nCR2: ffffffffffffffd6 CR3: 000000006c717000 CR4: 0000000000352ef0\nCall Trace:\n \u003cTASK\u003e\n get_valid_routes drivers/comedi/comedi_fops.c:1322 [inline]\n parse_insn+0x78c/0x1970 drivers/comedi/comedi_fops.c:1401\n do_insnlist_ioctl+0x272/0x700 drivers/comedi/comedi_fops.c:1594\n compat_insnlist drivers/comedi/comedi_fops.c:3208 [inline]\n comedi_compat_ioctl+0x810/0x990 drivers/comedi/comedi_fops.c:3273\n __do_compat_sys_ioctl fs/ioctl.c:695 [inline]\n __se_compat_sys_ioctl fs/ioctl.c:638 [inline]\n __ia32_compat_sys_ioctl+0x242/0x370 fs/ioctl.c:638\n do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68257",
"url": "https://www.suse.com/security/cve/CVE-2025-68257"
},
{
"category": "external",
"summary": "SUSE Bug 1255167 for CVE-2025-68257",
"url": "https://bugzilla.suse.com/1255167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68257"
},
{
"cve": "CVE-2025-68258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: multiq3: sanitize config options in multiq3_attach()\n\nSyzbot identified an issue [1] in multiq3_attach() that induces a\ntask timeout due to open() or COMEDI_DEVCONFIG ioctl operations,\nspecifically, in the case of multiq3 driver.\n\nThis problem arose when syzkaller managed to craft weird configuration\noptions used to specify the number of channels in encoder subdevice.\nIf a particularly great number is passed to s-\u003en_chan in\nmultiq3_attach() via it-\u003eoptions[2], then multiple calls to\nmultiq3_encoder_reset() at the end of driver-specific attach() method\nwill be running for minutes, thus blocking tasks and affected devices\nas well.\n\nWhile this issue is most likely not too dangerous for real-life\ndevices, it still makes sense to sanitize configuration inputs. Enable\na sensible limit on the number of encoder chips (4 chips max, each\nwith 2 channels) to stop this behaviour from manifesting.\n\n[1] Syzbot crash:\nINFO: task syz.2.19:6067 blocked for more than 143 seconds.\n...\nCall Trace:\n \u003cTASK\u003e\n context_switch kernel/sched/core.c:5254 [inline]\n __schedule+0x17c4/0x4d60 kernel/sched/core.c:6862\n __schedule_loop kernel/sched/core.c:6944 [inline]\n schedule+0x165/0x360 kernel/sched/core.c:6959\n schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7016\n __mutex_lock_common kernel/locking/mutex.c:676 [inline]\n __mutex_lock+0x7e6/0x1350 kernel/locking/mutex.c:760\n comedi_open+0xc0/0x590 drivers/comedi/comedi_fops.c:2868\n chrdev_open+0x4cc/0x5e0 fs/char_dev.c:414\n do_dentry_open+0x953/0x13f0 fs/open.c:965\n vfs_open+0x3b/0x340 fs/open.c:1097\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68258",
"url": "https://www.suse.com/security/cve/CVE-2025-68258"
},
{
"category": "external",
"summary": "SUSE Bug 1255182 for CVE-2025-68258",
"url": "https://bugzilla.suse.com/1255182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68258"
},
{
"cve": "CVE-2025-68259",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68259"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Don\u0027t skip unrelated instruction if INT3/INTO is replaced\n\nWhen re-injecting a soft interrupt from an INT3, INT0, or (select) INTn\ninstruction, discard the exception and retry the instruction if the code\nstream is changed (e.g. by a different vCPU) between when the CPU\nexecutes the instruction and when KVM decodes the instruction to get the\nnext RIP.\n\nAs effectively predicted by commit 6ef88d6e36c2 (\"KVM: SVM: Re-inject\nINT3/INTO instead of retrying the instruction\"), failure to verify that\nthe correct INTn instruction was decoded can effectively clobber guest\nstate due to decoding the wrong instruction and thus specifying the\nwrong next RIP.\n\nThe bug most often manifests as \"Oops: int3\" panics on static branch\nchecks in Linux guests. Enabling or disabling a static branch in Linux\nuses the kernel\u0027s \"text poke\" code patching mechanism. To modify code\nwhile other CPUs may be executing that code, Linux (temporarily)\nreplaces the first byte of the original instruction with an int3 (opcode\n0xcc), then patches in the new code stream except for the first byte,\nand finally replaces the int3 with the first byte of the new code\nstream. If a CPU hits the int3, i.e. executes the code while it\u0027s being\nmodified, then the guest kernel must look up the RIP to determine how to\nhandle the #BP, e.g. by emulating the new instruction. If the RIP is\nincorrect, then this lookup fails and the guest kernel panics.\n\nThe bug reproduces almost instantly by hacking the guest kernel to\nrepeatedly check a static branch[1] while running a drgn script[2] on\nthe host to constantly swap out the memory containing the guest\u0027s TSS.\n\n[1]: https://gist.github.com/osandov/44d17c51c28c0ac998ea0334edf90b5a\n[2]: https://gist.github.com/osandov/10e45e45afa29b11e0c7209247afc00b",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68259",
"url": "https://www.suse.com/security/cve/CVE-2025-68259"
},
{
"category": "external",
"summary": "SUSE Bug 1255199 for CVE-2025-68259",
"url": "https://bugzilla.suse.com/1255199"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68259"
},
{
"cve": "CVE-2025-68264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68264"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: refresh inline data size before write operations\n\nThe cached ei-\u003ei_inline_size can become stale between the initial size\ncheck and when ext4_update_inline_data()/ext4_create_inline_data() use\nit. Although ext4_get_max_inline_size() reads the correct value at the\ntime of the check, concurrent xattr operations can modify i_inline_size\nbefore ext4_write_lock_xattr() is acquired.\n\nThis causes ext4_update_inline_data() and ext4_create_inline_data() to\nwork with stale capacity values, leading to a BUG_ON() crash in\next4_write_inline_data():\n\n kernel BUG at fs/ext4/inline.c:1331!\n BUG_ON(pos + len \u003e EXT4_I(inode)-\u003ei_inline_size);\n\nThe race window:\n1. ext4_get_max_inline_size() reads i_inline_size = 60 (correct)\n2. Size check passes for 50-byte write\n3. [Another thread adds xattr, i_inline_size changes to 40]\n4. ext4_write_lock_xattr() acquires lock\n5. ext4_update_inline_data() uses stale i_inline_size = 60\n6. Attempts to write 50 bytes but only 40 bytes actually available\n7. BUG_ON() triggers\n\nFix this by recalculating i_inline_size via ext4_find_inline_data_nolock()\nimmediately after acquiring xattr_sem. This ensures ext4_update_inline_data()\nand ext4_create_inline_data() work with current values that are protected\nfrom concurrent modifications.\n\nThis is similar to commit a54c4613dac1 (\"ext4: fix race writing to an\ninline_data file while its xattrs are changing\") which fixed i_inline_off\nstaleness. This patch addresses the related i_inline_size staleness issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68264",
"url": "https://www.suse.com/security/cve/CVE-2025-68264"
},
{
"category": "external",
"summary": "SUSE Bug 1255380 for CVE-2025-68264",
"url": "https://bugzilla.suse.com/1255380"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68264"
},
{
"cve": "CVE-2025-68286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68286"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check NULL before accessing\n\n[WHAT]\nIGT kms_cursor_legacy\u0027s long-nonblocking-modeset-vs-cursor-atomic\nfails with NULL pointer dereference. This can be reproduced with\nboth an eDP panel and a DP monitors connected.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 13 UID: 0 PID: 2960 Comm: kms_cursor_lega Not tainted\n6.16.0-99-custom #8 PREEMPT(voluntary)\n Hardware name: AMD ........\n RIP: 0010:dc_stream_get_scanoutpos+0x34/0x130 [amdgpu]\n Code: 57 4d 89 c7 41 56 49 89 ce 41 55 49 89 d5 41 54 49\n 89 fc 53 48 83 ec 18 48 8b 87 a0 64 00 00 48 89 75 d0 48 c7 c6 e0 41 30\n c2 \u003c48\u003e 8b 38 48 8b 9f 68 06 00 00 e8 8d d7 fd ff 31 c0 48 81 c3 e0 02\n RSP: 0018:ffffd0f3c2bd7608 EFLAGS: 00010292\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffd0f3c2bd7668\n RDX: ffffd0f3c2bd7664 RSI: ffffffffc23041e0 RDI: ffff8b32494b8000\n RBP: ffffd0f3c2bd7648 R08: ffffd0f3c2bd766c R09: ffffd0f3c2bd7760\n R10: ffffd0f3c2bd7820 R11: 0000000000000000 R12: ffff8b32494b8000\n R13: ffffd0f3c2bd7664 R14: ffffd0f3c2bd7668 R15: ffffd0f3c2bd766c\n FS: 000071f631b68700(0000) GS:ffff8b399f114000(0000)\nknlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 00000001b8105000 CR4: 0000000000f50ef0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n dm_crtc_get_scanoutpos+0xd7/0x180 [amdgpu]\n amdgpu_display_get_crtc_scanoutpos+0x86/0x1c0 [amdgpu]\n ? __pfx_amdgpu_crtc_get_scanout_position+0x10/0x10[amdgpu]\n amdgpu_crtc_get_scanout_position+0x27/0x50 [amdgpu]\n drm_crtc_vblank_helper_get_vblank_timestamp_internal+0xf7/0x400\n drm_crtc_vblank_helper_get_vblank_timestamp+0x1c/0x30\n drm_crtc_get_last_vbltimestamp+0x55/0x90\n drm_crtc_next_vblank_start+0x45/0xa0\n drm_atomic_helper_wait_for_fences+0x81/0x1f0\n ...\n\n(cherry picked from commit 621e55f1919640acab25383362b96e65f2baea3c)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68286",
"url": "https://www.suse.com/security/cve/CVE-2025-68286"
},
{
"category": "external",
"summary": "SUSE Bug 1255351 for CVE-2025-68286",
"url": "https://bugzilla.suse.com/1255351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68286"
},
{
"cve": "CVE-2025-68287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68287"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths\n\nThis patch addresses a race condition caused by unsynchronized\nexecution of multiple call paths invoking `dwc3_remove_requests()`,\nleading to premature freeing of USB requests and subsequent crashes.\n\nThree distinct execution paths interact with `dwc3_remove_requests()`:\nPath 1:\nTriggered via `dwc3_gadget_reset_interrupt()` during USB reset\nhandling. The call stack includes:\n- `dwc3_ep0_reset_state()`\n- `dwc3_ep0_stall_and_restart()`\n- `dwc3_ep0_out_start()`\n- `dwc3_remove_requests()`\n- `dwc3_gadget_del_and_unmap_request()`\n\nPath 2:\nAlso initiated from `dwc3_gadget_reset_interrupt()`, but through\n`dwc3_stop_active_transfers()`. The call stack includes:\n- `dwc3_stop_active_transfers()`\n- `dwc3_remove_requests()`\n- `dwc3_gadget_del_and_unmap_request()`\n\nPath 3:\nOccurs independently during `adb root` execution, which triggers\nUSB function unbind and bind operations. The sequence includes:\n- `gserial_disconnect()`\n- `usb_ep_disable()`\n- `dwc3_gadget_ep_disable()`\n- `dwc3_remove_requests()` with `-ESHUTDOWN` status\n\nPath 3 operates asynchronously and lacks synchronization with Paths\n1 and 2. When Path 3 completes, it disables endpoints and frees \u0027out\u0027\nrequests. If Paths 1 or 2 are still processing these requests,\naccessing freed memory leads to a crash due to use-after-free conditions.\n\nTo fix this added check for request completion and skip processing\nif already completed and added the request status for ep0 while queue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68287",
"url": "https://www.suse.com/security/cve/CVE-2025-68287"
},
{
"category": "external",
"summary": "SUSE Bug 1255152 for CVE-2025-68287",
"url": "https://bugzilla.suse.com/1255152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68287"
},
{
"cve": "CVE-2025-68289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68289"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_eem: Fix memory leak in eem_unwrap\n\nThe existing code did not handle the failure case of usb_ep_queue in the\ncommand path, potentially leading to memory leaks.\n\nImprove error handling to free all allocated resources on usb_ep_queue\nfailure. This patch continues to use goto logic for error handling, as the\nexisting error handling is complex and not easily adaptable to auto-cleanup\nhelpers.\n\nkmemleak results:\n unreferenced object 0xffffff895a512300 (size 240):\n backtrace:\n slab_post_alloc_hook+0xbc/0x3a4\n kmem_cache_alloc+0x1b4/0x358\n skb_clone+0x90/0xd8\n eem_unwrap+0x1cc/0x36c\n unreferenced object 0xffffff8a157f4000 (size 256):\n backtrace:\n slab_post_alloc_hook+0xbc/0x3a4\n __kmem_cache_alloc_node+0x1b4/0x2dc\n kmalloc_trace+0x48/0x140\n dwc3_gadget_ep_alloc_request+0x58/0x11c\n usb_ep_alloc_request+0x40/0xe4\n eem_unwrap+0x204/0x36c\n unreferenced object 0xffffff8aadbaac00 (size 128):\n backtrace:\n slab_post_alloc_hook+0xbc/0x3a4\n __kmem_cache_alloc_node+0x1b4/0x2dc\n __kmalloc+0x64/0x1a8\n eem_unwrap+0x218/0x36c\n unreferenced object 0xffffff89ccef3500 (size 64):\n backtrace:\n slab_post_alloc_hook+0xbc/0x3a4\n __kmem_cache_alloc_node+0x1b4/0x2dc\n kmalloc_trace+0x48/0x140\n eem_unwrap+0x238/0x36c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68289",
"url": "https://www.suse.com/security/cve/CVE-2025-68289"
},
{
"category": "external",
"summary": "SUSE Bug 1255155 for CVE-2025-68289",
"url": "https://bugzilla.suse.com/1255155"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68289"
},
{
"cve": "CVE-2025-68290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmost: usb: fix double free on late probe failure\n\nThe MOST subsystem has a non-standard registration function which frees\nthe interface on registration failures and on deregistration.\n\nThis unsurprisingly leads to bugs in the MOST drivers, and a couple of\nrecent changes turned a reference underflow and use-after-free in the\nUSB driver into several double free and a use-after-free on late probe\nfailures.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68290",
"url": "https://www.suse.com/security/cve/CVE-2025-68290"
},
{
"category": "external",
"summary": "SUSE Bug 1255154 for CVE-2025-68290",
"url": "https://bugzilla.suse.com/1255154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68290"
},
{
"cve": "CVE-2025-68298",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68298"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref\n\nIn btusb_mtk_setup(), we set `btmtk_data-\u003eisopkt_intf` to:\n usb_ifnum_to_if(data-\u003eudev, MTK_ISO_IFNUM)\n\nThat function can return NULL in some cases. Even when it returns\nNULL, though, we still go on to call btusb_mtk_claim_iso_intf().\n\nAs of commit e9087e828827 (\"Bluetooth: btusb: mediatek: Add locks for\nusb_driver_claim_interface()\"), calling btusb_mtk_claim_iso_intf()\nwhen `btmtk_data-\u003eisopkt_intf` is NULL will cause a crash because\nwe\u0027ll end up passing a bad pointer to device_lock(). Prior to that\ncommit we\u0027d pass the NULL pointer directly to\nusb_driver_claim_interface() which would detect it and return an\nerror, which was handled.\n\nResolve the crash in btusb_mtk_claim_iso_intf() by adding a NULL check\nat the start of the function. This makes the code handle a NULL\n`btmtk_data-\u003eisopkt_intf` the same way it did before the problematic\ncommit (just with a slight change to the error message printed).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68298",
"url": "https://www.suse.com/security/cve/CVE-2025-68298"
},
{
"category": "external",
"summary": "SUSE Bug 1255124 for CVE-2025-68298",
"url": "https://bugzilla.suse.com/1255124"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68298"
},
{
"cve": "CVE-2025-68302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sxgbe: fix potential NULL dereference in sxgbe_rx()\n\nCurrently, when skb is null, the driver prints an error and then\ndereferences skb on the next line.\n\nTo fix this, let\u0027s add a \u0027break\u0027 after the error message to switch\nto sxgbe_rx_refill(), which is similar to the approach taken by the\nother drivers in this particular case, e.g. calxeda with xgmac_rx().\n\nFound during a code review.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68302",
"url": "https://www.suse.com/security/cve/CVE-2025-68302"
},
{
"category": "external",
"summary": "SUSE Bug 1255121 for CVE-2025-68302",
"url": "https://bugzilla.suse.com/1255121"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68302"
},
{
"cve": "CVE-2025-68303",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68303"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: intel: punit_ipc: fix memory corruption\n\nThis passes the address of the pointer \"\u0026punit_ipcdev\" when the intent\nwas to pass the pointer itself \"punit_ipcdev\" (without the ampersand).\nThis means that the:\n\n\tcomplete(\u0026ipcdev-\u003ecmd_complete);\n\nin intel_punit_ioc() will write to a wrong memory address corrupting it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68303",
"url": "https://www.suse.com/security/cve/CVE-2025-68303"
},
{
"category": "external",
"summary": "SUSE Bug 1255122 for CVE-2025-68303",
"url": "https://bugzilla.suse.com/1255122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68303"
},
{
"cve": "CVE-2025-68305",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68305"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_sock: Prevent race in socket write iter and sock bind\n\nThere is a potential race condition between sock bind and socket write\niter. bind may free the same cmd via mgmt_pending before write iter sends\nthe cmd, just as syzbot reported in UAF[1].\n\nHere we use hci_dev_lock to synchronize the two, thereby avoiding the\nUAF mentioned in [1].\n\n[1]\nsyzbot reported:\nBUG: KASAN: slab-use-after-free in mgmt_pending_remove+0x3b/0x210 net/bluetooth/mgmt_util.c:316\nRead of size 8 at addr ffff888077164818 by task syz.0.17/5989\nCall Trace:\n mgmt_pending_remove+0x3b/0x210 net/bluetooth/mgmt_util.c:316\n set_link_security+0x5c2/0x710 net/bluetooth/mgmt.c:1918\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:727 [inline]\n __sock_sendmsg+0x21c/0x270 net/socket.c:742\n sock_write_iter+0x279/0x360 net/socket.c:1195\n\nAllocated by task 5989:\n mgmt_pending_add+0x35/0x140 net/bluetooth/mgmt_util.c:296\n set_link_security+0x557/0x710 net/bluetooth/mgmt.c:1910\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:727 [inline]\n __sock_sendmsg+0x21c/0x270 net/socket.c:742\n sock_write_iter+0x279/0x360 net/socket.c:1195\n\nFreed by task 5991:\n mgmt_pending_free net/bluetooth/mgmt_util.c:311 [inline]\n mgmt_pending_foreach+0x30d/0x380 net/bluetooth/mgmt_util.c:257\n mgmt_index_removed+0x112/0x2f0 net/bluetooth/mgmt.c:9477\n hci_sock_bind+0xbe9/0x1000 net/bluetooth/hci_sock.c:1314",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68305",
"url": "https://www.suse.com/security/cve/CVE-2025-68305"
},
{
"category": "external",
"summary": "SUSE Bug 1255169 for CVE-2025-68305",
"url": "https://bugzilla.suse.com/1255169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68305"
},
{
"cve": "CVE-2025-68306",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68306"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface\n\nWhen performing reset tests and encountering abnormal card drop issues\nthat lead to a kernel crash, it is necessary to perform a null check\nbefore releasing resources to avoid attempting to release a null pointer.\n\n\u003c4\u003e[ 29.158070] Hardware name: Google Quigon sku196612/196613 board (DT)\n\u003c4\u003e[ 29.158076] Workqueue: hci0 hci_cmd_sync_work [bluetooth]\n\u003c4\u003e[ 29.158154] pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n\u003c4\u003e[ 29.158162] pc : klist_remove+0x90/0x158\n\u003c4\u003e[ 29.158174] lr : klist_remove+0x88/0x158\n\u003c4\u003e[ 29.158180] sp : ffffffc0846b3c00\n\u003c4\u003e[ 29.158185] pmr_save: 000000e0\n\u003c4\u003e[ 29.158188] x29: ffffffc0846b3c30 x28: ffffff80cd31f880 x27: ffffff80c1bdc058\n\u003c4\u003e[ 29.158199] x26: dead000000000100 x25: ffffffdbdc624ea3 x24: ffffff80c1bdc4c0\n\u003c4\u003e[ 29.158209] x23: ffffffdbdc62a3e6 x22: ffffff80c6c07000 x21: ffffffdbdc829290\n\u003c4\u003e[ 29.158219] x20: 0000000000000000 x19: ffffff80cd3e0648 x18: 000000031ec97781\n\u003c4\u003e[ 29.158229] x17: ffffff80c1bdc4a8 x16: ffffffdc10576548 x15: ffffff80c1180428\n\u003c4\u003e[ 29.158238] x14: 0000000000000000 x13: 000000000000e380 x12: 0000000000000018\n\u003c4\u003e[ 29.158248] x11: ffffff80c2a7fd10 x10: 0000000000000000 x9 : 0000000100000000\n\u003c4\u003e[ 29.158257] x8 : 0000000000000000 x7 : 7f7f7f7f7f7f7f7f x6 : 2d7223ff6364626d\n\u003c4\u003e[ 29.158266] x5 : 0000008000000000 x4 : 0000000000000020 x3 : 2e7325006465636e\n\u003c4\u003e[ 29.158275] x2 : ffffffdc11afeff8 x1 : 0000000000000000 x0 : ffffffdc11be4d0c\n\u003c4\u003e[ 29.158285] Call trace:\n\u003c4\u003e[ 29.158290] klist_remove+0x90/0x158\n\u003c4\u003e[ 29.158298] device_release_driver_internal+0x20c/0x268\n\u003c4\u003e[ 29.158308] device_release_driver+0x1c/0x30\n\u003c4\u003e[ 29.158316] usb_driver_release_interface+0x70/0x88\n\u003c4\u003e[ 29.158325] btusb_mtk_release_iso_intf+0x68/0xd8 [btusb (HASH:e8b6 5)]\n\u003c4\u003e[ 29.158347] btusb_mtk_reset+0x5c/0x480 [btusb (HASH:e8b6 5)]\n\u003c4\u003e[ 29.158361] hci_cmd_sync_work+0x10c/0x188 [bluetooth (HASH:a4fa 6)]\n\u003c4\u003e[ 29.158430] process_scheduled_works+0x258/0x4e8\n\u003c4\u003e[ 29.158441] worker_thread+0x300/0x428\n\u003c4\u003e[ 29.158448] kthread+0x108/0x1d0\n\u003c4\u003e[ 29.158455] ret_from_fork+0x10/0x20\n\u003c0\u003e[ 29.158467] Code: 91343000 940139d1 f9400268 927ff914 (f9401297)\n\u003c4\u003e[ 29.158474] ---[ end trace 0000000000000000 ]---\n\u003c0\u003e[ 29.167129] Kernel panic - not syncing: Oops: Fatal exception\n\u003c2\u003e[ 29.167144] SMP: stopping secondary CPUs\n\u003c4\u003e[ 29.167158] ------------[ cut here ]------------",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68306",
"url": "https://www.suse.com/security/cve/CVE-2025-68306"
},
{
"category": "external",
"summary": "SUSE Bug 1255145 for CVE-2025-68306",
"url": "https://bugzilla.suse.com/1255145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68306"
},
{
"cve": "CVE-2025-68307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68307"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs\n\nThe driver lacks the cleanup of failed transfers of URBs. This reduces the\nnumber of available URBs per error by 1. This leads to reduced performance\nand ultimately to a complete stop of the transmission.\n\nIf the sending of a bulk URB fails do proper cleanup:\n- increase netdev stats\n- mark the echo_sbk as free\n- free the driver\u0027s context and do accounting\n- wake the send queue",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68307",
"url": "https://www.suse.com/security/cve/CVE-2025-68307"
},
{
"category": "external",
"summary": "SUSE Bug 1255146 for CVE-2025-68307",
"url": "https://bugzilla.suse.com/1255146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68307"
},
{
"cve": "CVE-2025-68308",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68308"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: kvaser_usb: leaf: Fix potential infinite loop in command parsers\n\nThe `kvaser_usb_leaf_wait_cmd()` and `kvaser_usb_leaf_read_bulk_callback`\nfunctions contain logic to zero-length commands. These commands are used\nto align data to the USB endpoint\u0027s wMaxPacketSize boundary.\n\nThe driver attempts to skip these placeholders by aligning the buffer\nposition `pos` to the next packet boundary using `round_up()` function.\n\nHowever, if zero-length command is found exactly on a packet boundary\n(i.e., `pos` is a multiple of wMaxPacketSize, including 0), `round_up`\nfunction will return the unchanged value of `pos`. This prevents `pos`\nto be increased, causing an infinite loop in the parsing logic.\n\nThis patch fixes this in the function by using `pos + 1` instead.\nThis ensures that even if `pos` is on a boundary, the calculation is\nbased on `pos + 1`, forcing `round_up()` to always return the next\naligned boundary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68308",
"url": "https://www.suse.com/security/cve/CVE-2025-68308"
},
{
"category": "external",
"summary": "SUSE Bug 1255149 for CVE-2025-68308",
"url": "https://bugzilla.suse.com/1255149"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68308"
},
{
"cve": "CVE-2025-68312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68312"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: Prevents free active kevent\n\nThe root cause of this issue are:\n1. When probing the usbnet device, executing usbnet_link_change(dev, 0, 0);\nput the kevent work in global workqueue. However, the kevent has not yet\nbeen scheduled when the usbnet device is unregistered. Therefore, executing\nfree_netdev() results in the \"free active object (kevent)\" error reported\nhere.\n\n2. Another factor is that when calling usbnet_disconnect()-\u003eunregister_netdev(),\nif the usbnet device is up, ndo_stop() is executed to cancel the kevent.\nHowever, because the device is not up, ndo_stop() is not executed.\n\nThe solution to this problem is to cancel the kevent before executing\nfree_netdev().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68312",
"url": "https://www.suse.com/security/cve/CVE-2025-68312"
},
{
"category": "external",
"summary": "SUSE Bug 1255171 for CVE-2025-68312",
"url": "https://bugzilla.suse.com/1255171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68312"
},
{
"cve": "CVE-2025-68313",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68313"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/CPU/AMD: Add RDSEED fix for Zen5\n\nThere\u0027s an issue with RDSEED\u0027s 16-bit and 32-bit register output\nvariants on Zen5 which return a random value of 0 \"at a rate inconsistent\nwith randomness while incorrectly signaling success (CF=1)\". Search the\nweb for AMD-SB-7055 for more detail.\n\nAdd a fix glue which checks microcode revisions.\n\n [ bp: Add microcode revisions checking, rewrite. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68313",
"url": "https://www.suse.com/security/cve/CVE-2025-68313"
},
{
"category": "external",
"summary": "SUSE Bug 1255415 for CVE-2025-68313",
"url": "https://bugzilla.suse.com/1255415"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68313"
},
{
"cve": "CVE-2025-68328",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68328"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: stratix10-svc: fix bug in saving controller data\n\nFix the incorrect usage of platform_set_drvdata and dev_set_drvdata. They\nboth are of the same data and overrides each other. This resulted in the\nrmmod of the svc driver to fail and throw a kernel panic for kthread_stop\nand fifo free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68328",
"url": "https://www.suse.com/security/cve/CVE-2025-68328"
},
{
"category": "external",
"summary": "SUSE Bug 1255489 for CVE-2025-68328",
"url": "https://bugzilla.suse.com/1255489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68328"
},
{
"cve": "CVE-2025-68330",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68330"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: bmc150: Fix irq assumption regression\n\nThe code in bmc150-accel-core.c unconditionally calls\nbmc150_accel_set_interrupt() in the iio_buffer_setup_ops,\nsuch as on the runtime PM resume path giving a kernel\nsplat like this if the device has no interrupts:\n\nUnable to handle kernel NULL pointer dereference at virtual\n address 00000001 when read\n\nPC is at bmc150_accel_set_interrupt+0x98/0x194\nLR is at __pm_runtime_resume+0x5c/0x64\n(...)\nCall trace:\nbmc150_accel_set_interrupt from bmc150_accel_buffer_postenable+0x40/0x108\nbmc150_accel_buffer_postenable from __iio_update_buffers+0xbe0/0xcbc\n__iio_update_buffers from enable_store+0x84/0xc8\nenable_store from kernfs_fop_write_iter+0x154/0x1b4\n\nThis bug seems to have been in the driver since the beginning,\nbut it only manifests recently, I do not know why.\n\nStore the IRQ number in the state struct, as this is a common\npattern in other drivers, then use this to determine if we have\nIRQ support or not.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68330",
"url": "https://www.suse.com/security/cve/CVE-2025-68330"
},
{
"category": "external",
"summary": "SUSE Bug 1255493 for CVE-2025-68330",
"url": "https://bugzilla.suse.com/1255493"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68330"
},
{
"cve": "CVE-2025-68331",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68331"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer\n\nWhen a UAS device is unplugged during data transfer, there is\na probability of a system panic occurring. The root cause is\nan access to an invalid memory address during URB callback handling.\nSpecifically, this happens when the dma_direct_unmap_sg() function\nis called within the usb_hcd_unmap_urb_for_dma() interface, but the\nsg-\u003edma_address field is 0 and the sg data structure has already been\nfreed.\n\nThe SCSI driver sends transfer commands by invoking uas_queuecommand_lck()\nin uas.c, using the uas_submit_urbs() function to submit requests to USB.\nWithin the uas_submit_urbs() implementation, three URBs (sense_urb,\ndata_urb, and cmd_urb) are sequentially submitted. Device removal may\noccur at any point during uas_submit_urbs execution, which may result\nin URB submission failure. However, some URBs might have been successfully\nsubmitted before the failure, and uas_submit_urbs will return the -ENODEV\nerror code in this case. The current error handling directly calls\nscsi_done(). In the SCSI driver, this eventually triggers scsi_complete()\nto invoke scsi_end_request() for releasing the sgtable. The successfully\nsubmitted URBs, when being unlinked to giveback, call\nusb_hcd_unmap_urb_for_dma() in hcd.c, leading to exceptions during sg\nunmapping operations since the sg data structure has already been freed.\n\nThis patch modifies the error condition check in the uas_submit_urbs()\nfunction. When a UAS device is removed but one or more URBs have already\nbeen successfully submitted to USB, it avoids immediately invoking\nscsi_done() and save the cmnd to devinfo-\u003ecmnd array. If the successfully\nsubmitted URBs is completed before devinfo-\u003eresetting being set, then\nthe scsi_done() function will be called within uas_try_complete() after\nall pending URB operations are finalized. Otherwise, the scsi_done()\nfunction will be called within uas_zap_pending(), which is executed after\nusb_kill_anchored_urbs().\n\nThe error handling only takes effect when uas_queuecommand_lck() calls\nuas_submit_urbs() and returns the error value -ENODEV . In this case,\nthe device is disconnected, and the flow proceeds to uas_disconnect(),\nwhere uas_zap_pending() is invoked to call uas_try_complete().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68331",
"url": "https://www.suse.com/security/cve/CVE-2025-68331"
},
{
"category": "external",
"summary": "SUSE Bug 1255495 for CVE-2025-68331",
"url": "https://bugzilla.suse.com/1255495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68331"
},
{
"cve": "CVE-2025-68332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68332"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: c6xdigio: Fix invalid PNP driver unregistration\n\nThe Comedi low-level driver \"c6xdigio\" seems to be for a parallel port\nconnected device. When the Comedi core calls the driver\u0027s Comedi\n\"attach\" handler `c6xdigio_attach()` to configure a Comedi to use this\ndriver, it tries to enable the parallel port PNP resources by\nregistering a PNP driver with `pnp_register_driver()`, but ignores the\nreturn value. (The `struct pnp_driver` it uses has only the `name` and\n`id_table` members filled in.) The driver\u0027s Comedi \"detach\" handler\n`c6xdigio_detach()` unconditionally unregisters the PNP driver with\n`pnp_unregister_driver()`.\n\nIt is possible for `c6xdigio_attach()` to return an error before it\ncalls `pnp_register_driver()` and it is possible for the call to\n`pnp_register_driver()` to return an error (that is ignored). In both\ncases, the driver should not be calling `pnp_unregister_driver()` as it\ndoes in `c6xdigio_detach()`. (Note that `c6xdigio_detach()` will be\ncalled by the Comedi core if `c6xdigio_attach()` returns an error, or if\nthe Comedi core decides to detach the Comedi device from the driver for\nsome other reason.)\n\nThe unconditional call to `pnp_unregister_driver()` without a previous\nsuccessful call to `pnp_register_driver()` will cause\n`driver_unregister()` to issue a warning \"Unexpected driver\nunregister!\". This was detected by Syzbot [1].\n\nAlso, the PNP driver registration and unregistration should be done at\nmodule init and exit time, respectively, not when attaching or detaching\nComedi devices to the driver. (There might be more than one Comedi\ndevice being attached to the driver, although that is unlikely.)\n\nChange the driver to do the PNP driver registration at module init time,\nand the unregistration at module exit time. Since `c6xdigio_detach()`\nnow only calls `comedi_legacy_detach()`, remove the function and change\nthe Comedi driver \"detach\" handler to `comedi_legacy_detach`.\n\n-------------------------------------------\n[1] Syzbot sample crash report:\nUnexpected driver unregister!\nWARNING: CPU: 0 PID: 5970 at drivers/base/driver.c:273 driver_unregister drivers/base/driver.c:273 [inline]\nWARNING: CPU: 0 PID: 5970 at drivers/base/driver.c:273 driver_unregister+0x90/0xb0 drivers/base/driver.c:270\nModules linked in:\nCPU: 0 UID: 0 PID: 5970 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025\nRIP: 0010:driver_unregister drivers/base/driver.c:273 [inline]\nRIP: 0010:driver_unregister+0x90/0xb0 drivers/base/driver.c:270\nCode: 48 89 ef e8 c2 e6 82 fc 48 89 df e8 3a 93 ff ff 5b 5d e9 c3 6d d9 fb e8 be 6d d9 fb 90 48 c7 c7 e0 f8 1f 8c e8 51 a2 97 fb 90 \u003c0f\u003e 0b 90 90 5b 5d e9 a5 6d d9 fb e8 e0 f4 41 fc eb 94 e8 d9 f4 41\nRSP: 0018:ffffc9000373f9a0 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffffff8ff24720 RCX: ffffffff817b6ee8\nRDX: ffff88807c932480 RSI: ffffffff817b6ef5 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8ff24660\nR13: dffffc0000000000 R14: 0000000000000000 R15: ffff88814cca0000\nFS: 000055556dab1500(0000) GS:ffff8881249d9000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055f77f285cd0 CR3: 000000007d871000 CR4: 00000000003526f0\nCall Trace:\n \u003cTASK\u003e\n comedi_device_detach_locked+0x12f/0xa50 drivers/comedi/drivers.c:207\n comedi_device_detach+0x67/0xb0 drivers/comedi/drivers.c:215\n comedi_device_attach+0x43d/0x900 drivers/comedi/drivers.c:1011\n do_devconfig_ioctl+0x1b1/0x710 drivers/comedi/comedi_fops.c:872\n comedi_unlocked_ioctl+0x165d/0x2f00 drivers/comedi/comedi_fops.c:2178\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:597 [inline]\n __se_sys_ioctl fs/ioctl.c:583 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:583\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_sys\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68332",
"url": "https://www.suse.com/security/cve/CVE-2025-68332"
},
{
"category": "external",
"summary": "SUSE Bug 1255483 for CVE-2025-68332",
"url": "https://bugzilla.suse.com/1255483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68332"
},
{
"cve": "CVE-2025-68335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68335"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel()\n\nSyzbot identified an issue [1] in pcl818_ai_cancel(), which stems from\nthe fact that in case of early device detach via pcl818_detach(),\nsubdevice dev-\u003eread_subdev may not have initialized its pointer to\n\u0026struct comedi_async as intended. Thus, any such dereferencing of\n\u0026s-\u003easync-\u003ecmd will lead to general protection fault and kernel crash.\n\nMitigate this problem by removing a call to pcl818_ai_cancel() from\npcl818_detach() altogether. This way, if the subdevice setups its\nsupport for async commands, everything async-related will be\nhandled via subdevice\u0027s own -\u003ecancel() function in\ncomedi_device_detach_locked() even before pcl818_detach(). If no\nsupport for asynchronous commands is provided, there is no need\nto cancel anything either.\n\n[1] Syzbot crash:\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\nCPU: 1 UID: 0 PID: 6050 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\nRIP: 0010:pcl818_ai_cancel+0x69/0x3f0 drivers/comedi/drivers/pcl818.c:762\n...\nCall Trace:\n \u003cTASK\u003e\n pcl818_detach+0x66/0xd0 drivers/comedi/drivers/pcl818.c:1115\n comedi_device_detach_locked+0x178/0x750 drivers/comedi/drivers.c:207\n do_devconfig_ioctl drivers/comedi/comedi_fops.c:848 [inline]\n comedi_unlocked_ioctl+0xcde/0x1020 drivers/comedi/comedi_fops.c:2178\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:597 [inline]\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68335",
"url": "https://www.suse.com/security/cve/CVE-2025-68335"
},
{
"category": "external",
"summary": "SUSE Bug 1255480 for CVE-2025-68335",
"url": "https://bugzilla.suse.com/1255480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68335"
},
{
"cve": "CVE-2025-68339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68339"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm/fore200e: Fix possible data race in fore200e_open()\n\nProtect access to fore200e-\u003eavailable_cell_rate with rate_mtx lock in the\nerror handling path of fore200e_open() to prevent a data race.\n\nThe field fore200e-\u003eavailable_cell_rate is a shared resource used to track\navailable bandwidth. It is concurrently accessed by fore200e_open(),\nfore200e_close(), and fore200e_change_qos().\n\nIn fore200e_open(), the lock rate_mtx is correctly held when subtracting\nvcc-\u003eqos.txtp.max_pcr from available_cell_rate to reserve bandwidth.\nHowever, if the subsequent call to fore200e_activate_vcin() fails, the\nfunction restores the reserved bandwidth by adding back to\navailable_cell_rate without holding the lock.\n\nThis introduces a race condition because available_cell_rate is a global\ndevice resource shared across all VCCs. If the error path in\nfore200e_open() executes concurrently with operations like\nfore200e_close() or fore200e_change_qos() on other VCCs, a\nread-modify-write race occurs.\n\nSpecifically, the error path reads the rate without the lock. If another\nCPU acquires the lock and modifies the rate (e.g., releasing bandwidth in\nfore200e_close()) between this read and the subsequent write, the error\npath will overwrite the concurrent update with a stale value. This results\nin incorrect bandwidth accounting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68339",
"url": "https://www.suse.com/security/cve/CVE-2025-68339"
},
{
"category": "external",
"summary": "SUSE Bug 1255505 for CVE-2025-68339",
"url": "https://bugzilla.suse.com/1255505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68339"
},
{
"cve": "CVE-2025-68340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68340"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: Move team device type change at the end of team_port_add\n\nAttempting to add a port device that is already up will expectedly fail,\nbut not before modifying the team device header_ops.\n\nIn the case of the syzbot reproducer the gre0 device is\nalready in state UP when it attempts to add it as a\nport device of team0, this fails but before that\nheader_ops-\u003ecreate of team0 is changed from eth_header to ipgre_header\nin the call to team_dev_type_check_change.\n\nLater when we end up in ipgre_header() struct ip_tunnel* points to nonsense\nas the private data of the device still holds a struct team.\n\nExample sequence of iproute2 commands to reproduce the hang/BUG():\nip link add dev team0 type team\nip link add dev gre0 type gre\nip link set dev gre0 up\nip link set dev gre0 master team0\nip link set dev team0 up\nping -I team0 1.1.1.1\n\nMove team_dev_type_check_change down where all other checks have passed\nas it changes the dev type with no way to restore it in case\none of the checks that follow it fail.\n\nAlso make sure to preserve the origial mtu assignment:\n - If port_dev is not the same type as dev, dev takes mtu from port_dev\n - If port_dev is the same type as dev, port_dev takes mtu from dev\n\nThis is done by adding a conditional before the call to dev_set_mtu\nto prevent it from assigning port_dev-\u003emtu = dev-\u003emtu and instead\nletting team_dev_type_check_change assign dev-\u003emtu = port_dev-\u003emtu.\nThe conditional is needed because the patch moves the call to\nteam_dev_type_check_change past dev_set_mtu.\n\nTesting:\n - team device driver in-tree selftests\n - Add/remove various devices as slaves of team device\n - syzbot",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68340",
"url": "https://www.suse.com/security/cve/CVE-2025-68340"
},
{
"category": "external",
"summary": "SUSE Bug 1255507 for CVE-2025-68340",
"url": "https://bugzilla.suse.com/1255507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68340"
},
{
"cve": "CVE-2025-68345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68345"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi()\n\nThe acpi_get_first_physical_node() function can return NULL, in which\ncase the get_device() function also returns NULL, but this value is\nthen dereferenced without checking,so add a check to prevent a crash.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68345",
"url": "https://www.suse.com/security/cve/CVE-2025-68345"
},
{
"category": "external",
"summary": "SUSE Bug 1255601 for CVE-2025-68345",
"url": "https://bugzilla.suse.com/1255601"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68345"
},
{
"cve": "CVE-2025-68346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68346"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: dice: fix buffer overflow in detect_stream_formats()\n\nThe function detect_stream_formats() reads the stream_count value directly\nfrom a FireWire device without validating it. This can lead to\nout-of-bounds writes when a malicious device provides a stream_count value\ngreater than MAX_STREAMS.\n\nFix by applying the same validation to both TX and RX stream counts in\ndetect_stream_formats().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68346",
"url": "https://www.suse.com/security/cve/CVE-2025-68346"
},
{
"category": "external",
"summary": "SUSE Bug 1255603 for CVE-2025-68346",
"url": "https://bugzilla.suse.com/1255603"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68346"
},
{
"cve": "CVE-2025-68347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68347"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events\n\nThe DSP event handling code in hwdep_read() could write more bytes to\nthe user buffer than requested, when a user provides a buffer smaller\nthan the event header size (8 bytes).\n\nFix by using min_t() to clamp the copy size, This ensures we never copy\nmore than the user requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68347",
"url": "https://www.suse.com/security/cve/CVE-2025-68347"
},
{
"category": "external",
"summary": "SUSE Bug 1255706 for CVE-2025-68347",
"url": "https://bugzilla.suse.com/1255706"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68347"
},
{
"cve": "CVE-2025-68351",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68351"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix refcount leak in exfat_find\n\nFix refcount leaks in `exfat_find` related to `exfat_get_dentry_set`.\n\nFunction `exfat_get_dentry_set` would increase the reference counter of\n`es-\u003ebh` on success. Therefore, `exfat_put_dentry_set` must be called\nafter `exfat_get_dentry_set` to ensure refcount consistency. This patch\nrelocate two checks to avoid possible leaks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68351",
"url": "https://www.suse.com/security/cve/CVE-2025-68351"
},
{
"category": "external",
"summary": "SUSE Bug 1255567 for CVE-2025-68351",
"url": "https://bugzilla.suse.com/1255567"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68351"
},
{
"cve": "CVE-2025-68354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68354"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: core: Protect regulator_supply_alias_list with regulator_list_mutex\n\nregulator_supply_alias_list was accessed without any locking in\nregulator_supply_alias(), regulator_register_supply_alias(), and\nregulator_unregister_supply_alias(). Concurrent registration,\nunregistration and lookups can race, leading to:\n\n1 use-after-free if an alias entry is removed while being read,\n2 duplicate entries when two threads register the same alias,\n3 inconsistent alias mappings observed by consumers.\n\nProtect all traversals, insertions and deletions on\nregulator_supply_alias_list with the existing regulator_list_mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68354",
"url": "https://www.suse.com/security/cve/CVE-2025-68354"
},
{
"category": "external",
"summary": "SUSE Bug 1255553 for CVE-2025-68354",
"url": "https://bugzilla.suse.com/1255553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68354"
},
{
"cve": "CVE-2025-68362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68362"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb()\n\nThe rtl8187_rx_cb() calculates the rx descriptor header address\nby subtracting its size from the skb tail pointer.\nHowever, it does not validate if the received packet\n(skb-\u003elen from urb-\u003eactual_length) is large enough to contain this\nheader.\n\nIf a truncated packet is received, this will lead to a buffer\nunderflow, reading memory before the start of the skb data area,\nand causing a kernel panic.\n\nAdd length checks for both rtl8187 and rtl8187b descriptor headers\nbefore attempting to access them, dropping the packet cleanly if the\ncheck fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68362",
"url": "https://www.suse.com/security/cve/CVE-2025-68362"
},
{
"category": "external",
"summary": "SUSE Bug 1255611 for CVE-2025-68362",
"url": "https://bugzilla.suse.com/1255611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68362"
},
{
"cve": "CVE-2025-68378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68378"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix stackmap overflow check in __bpf_get_stackid()\n\nSyzkaller reported a KASAN slab-out-of-bounds write in __bpf_get_stackid()\nwhen copying stack trace data. The issue occurs when the perf trace\n contains more stack entries than the stack map bucket can hold,\n leading to an out-of-bounds write in the bucket\u0027s data array.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68378",
"url": "https://www.suse.com/security/cve/CVE-2025-68378"
},
{
"category": "external",
"summary": "SUSE Bug 1255614 for CVE-2025-68378",
"url": "https://bugzilla.suse.com/1255614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68378"
},
{
"cve": "CVE-2025-68380",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68380"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix peer HE MCS assignment\n\nIn ath11k_wmi_send_peer_assoc_cmd(), peer\u0027s transmit MCS is sent to\nfirmware as receive MCS while peer\u0027s receive MCS sent as transmit MCS,\nwhich goes against firmwire\u0027s definition.\n\nWhile connecting to a misbehaved AP that advertises 0xffff (meaning not\nsupported) for 160 MHz transmit MCS map, firmware crashes due to 0xffff\nis assigned to he_mcs-\u003erx_mcs_set field.\n\n\tExt Tag: HE Capabilities\n\t [...]\n\t Supported HE-MCS and NSS Set\n\t\t[...]\n\t Rx and Tx MCS Maps 160 MHz\n\t\t [...]\n\t Tx HE-MCS Map 160 MHz: 0xffff\n\nSwap the assignment to fix this issue.\n\nAs the HE rate control mask is meant to limit our own transmit MCS, it\nneeds to go via he_mcs-\u003erx_mcs_set field. With the aforementioned swapping\ndone, change is needed as well to apply it to the peer\u0027s receive MCS.\n\nTested-on: WCN6855 hw2.1 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68380",
"url": "https://www.suse.com/security/cve/CVE-2025-68380"
},
{
"category": "external",
"summary": "SUSE Bug 1255580 for CVE-2025-68380",
"url": "https://bugzilla.suse.com/1255580"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68380"
},
{
"cve": "CVE-2025-68724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id\n\nUse check_add_overflow() to guard against potential integer overflows\nwhen adding the binary blob lengths and the size of an asymmetric_key_id\nstructure and return ERR_PTR(-EOVERFLOW) accordingly. This prevents a\npossible buffer overflow when copying data from potentially malicious\nX.509 certificate fields that can be arbitrarily large, such as ASN.1\nINTEGER serial numbers, issuer names, etc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68724",
"url": "https://www.suse.com/security/cve/CVE-2025-68724"
},
{
"category": "external",
"summary": "SUSE Bug 1255550 for CVE-2025-68724",
"url": "https://bugzilla.suse.com/1255550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68724"
},
{
"cve": "CVE-2025-68732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpu: host1x: Fix race in syncpt alloc/free\n\nFix race condition between host1x_syncpt_alloc()\nand host1x_syncpt_put() by using kref_put_mutex()\ninstead of kref_put() + manual mutex locking.\n\nThis ensures no thread can acquire the\nsyncpt_mutex after the refcount drops to zero\nbut before syncpt_release acquires it.\nThis prevents races where syncpoints could\nbe allocated while still being cleaned up\nfrom a previous release.\n\nRemove explicit mutex locking in syncpt_release\nas kref_put_mutex() handles this atomically.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68732",
"url": "https://www.suse.com/security/cve/CVE-2025-68732"
},
{
"category": "external",
"summary": "SUSE Bug 1255688 for CVE-2025-68732",
"url": "https://bugzilla.suse.com/1255688"
},
{
"category": "external",
"summary": "SUSE Bug 1255689 for CVE-2025-68732",
"url": "https://bugzilla.suse.com/1255689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "important"
}
],
"title": "CVE-2025-68732"
},
{
"cve": "CVE-2025-68734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68734"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nisdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()\n\nIn hfcsusb_probe(), the memory allocated for ctrl_urb gets leaked when\nsetup_instance() fails with an error code. Fix that by freeing the urb\nbefore freeing the hw structure. Also change the error paths to use the\ngoto ladder style.\n\nCompile tested only. Issue found using a prototype static analysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68734",
"url": "https://www.suse.com/security/cve/CVE-2025-68734"
},
{
"category": "external",
"summary": "SUSE Bug 1255538 for CVE-2025-68734",
"url": "https://bugzilla.suse.com/1255538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68734"
},
{
"cve": "CVE-2025-68740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68740"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: Handle error code returned by ima_filter_rule_match()\n\nIn ima_match_rules(), if ima_filter_rule_match() returns -ENOENT due to\nthe rule being NULL, the function incorrectly skips the \u0027if (!rc)\u0027 check\nand sets \u0027result = true\u0027. The LSM rule is considered a match, causing\nextra files to be measured by IMA.\n\nThis issue can be reproduced in the following scenario:\nAfter unloading the SELinux policy module via \u0027semodule -d\u0027, if an IMA\nmeasurement is triggered before ima_lsm_rules is updated,\nin ima_match_rules(), the first call to ima_filter_rule_match() returns\n-ESTALE. This causes the code to enter the \u0027if (rc == -ESTALE \u0026\u0026\n!rule_reinitialized)\u0027 block, perform ima_lsm_copy_rule() and retry. In\nima_lsm_copy_rule(), since the SELinux module has been removed, the rule\nbecomes NULL, and the second call to ima_filter_rule_match() returns\n-ENOENT. This bypasses the \u0027if (!rc)\u0027 check and results in a false match.\n\nCall trace:\n selinux_audit_rule_match+0x310/0x3b8\n security_audit_rule_match+0x60/0xa0\n ima_match_rules+0x2e4/0x4a0\n ima_match_policy+0x9c/0x1e8\n ima_get_action+0x48/0x60\n process_measurement+0xf8/0xa98\n ima_bprm_check+0x98/0xd8\n security_bprm_check+0x5c/0x78\n search_binary_handler+0x6c/0x318\n exec_binprm+0x58/0x1b8\n bprm_execve+0xb8/0x130\n do_execveat_common.isra.0+0x1a8/0x258\n __arm64_sys_execve+0x48/0x68\n invoke_syscall+0x50/0x128\n el0_svc_common.constprop.0+0xc8/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x44/0x200\n el0t_64_sync_handler+0x100/0x130\n el0t_64_sync+0x3c8/0x3d0\n\nFix this by changing \u0027if (!rc)\u0027 to \u0027if (rc \u003c= 0)\u0027 to ensure that error\ncodes like -ENOENT do not bypass the check and accidentally result in a\nsuccessful match.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68740",
"url": "https://www.suse.com/security/cve/CVE-2025-68740"
},
{
"category": "external",
"summary": "SUSE Bug 1255812 for CVE-2025-68740",
"url": "https://bugzilla.suse.com/1255812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68740"
},
{
"cve": "CVE-2025-68742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix invalid prog-\u003estats access when update_effective_progs fails\n\nSyzkaller triggers an invalid memory access issue following fault\ninjection in update_effective_progs. The issue can be described as\nfollows:\n\n__cgroup_bpf_detach\n update_effective_progs\n compute_effective_progs\n bpf_prog_array_alloc \u003c-- fault inject\n purge_effective_progs\n /* change to dummy_bpf_prog */\n array-\u003eitems[index] = \u0026dummy_bpf_prog.prog\n\n---softirq start---\n__do_softirq\n ...\n __cgroup_bpf_run_filter_skb\n __bpf_prog_run_save_cb\n bpf_prog_run\n stats = this_cpu_ptr(prog-\u003estats)\n /* invalid memory access */\n flags = u64_stats_update_begin_irqsave(\u0026stats-\u003esyncp)\n---softirq end---\n\n static_branch_dec(\u0026cgroup_bpf_enabled_key[atype])\n\nThe reason is that fault injection caused update_effective_progs to fail\nand then changed the original prog into dummy_bpf_prog.prog in\npurge_effective_progs. Then a softirq came, and accessing the members of\ndummy_bpf_prog.prog in the softirq triggers invalid mem access.\n\nTo fix it, skip updating stats when stats is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68742",
"url": "https://www.suse.com/security/cve/CVE-2025-68742"
},
{
"category": "external",
"summary": "SUSE Bug 1255707 for CVE-2025-68742",
"url": "https://bugzilla.suse.com/1255707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68742"
},
{
"cve": "CVE-2025-68744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68744"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Free special fields when update [lru_,]percpu_hash maps\n\nAs [lru_,]percpu_hash maps support BPF_KPTR_{REF,PERCPU}, missing\ncalls to \u0027bpf_obj_free_fields()\u0027 in \u0027pcpu_copy_value()\u0027 could cause the\nmemory referenced by BPF_KPTR_{REF,PERCPU} fields to be held until the\nmap gets freed.\n\nFix this by calling \u0027bpf_obj_free_fields()\u0027 after\n\u0027copy_map_value[,_long]()\u0027 in \u0027pcpu_copy_value()\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68744",
"url": "https://www.suse.com/security/cve/CVE-2025-68744"
},
{
"category": "external",
"summary": "SUSE Bug 1255709 for CVE-2025-68744",
"url": "https://bugzilla.suse.com/1255709"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68744"
},
{
"cve": "CVE-2025-68746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68746"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra210-quad: Fix timeout handling\n\nWhen the CPU that the QSPI interrupt handler runs on (typically CPU 0)\nis excessively busy, it can lead to rare cases of the IRQ thread not\nrunning before the transfer timeout is reached.\n\nWhile handling the timeouts, any pending transfers are cleaned up and\nthe message that they correspond to is marked as failed, which leaves\nthe curr_xfer field pointing at stale memory.\n\nTo avoid this, clear curr_xfer to NULL upon timeout and check for this\ncondition when the IRQ thread is finally run.\n\nWhile at it, also make sure to clear interrupts on failure so that new\ninterrupts can be run.\n\nA better, more involved, fix would move the interrupt clearing into a\nhard IRQ handler. Ideally we would also want to signal that the IRQ\nthread no longer needs to be run after the timeout is hit to avoid the\nextra check for a valid transfer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68746",
"url": "https://www.suse.com/security/cve/CVE-2025-68746"
},
{
"category": "external",
"summary": "SUSE Bug 1255722 for CVE-2025-68746",
"url": "https://bugzilla.suse.com/1255722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68746"
},
{
"cve": "CVE-2025-68747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68747"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panthor: Fix UAF on kernel BO VA nodes\n\nIf the MMU is down, panthor_vm_unmap_range() might return an error.\nWe expect the page table to be updated still, and if the MMU is blocked,\nthe rest of the GPU should be blocked too, so no risk of accessing\nphysical memory returned to the system (which the current code doesn\u0027t\ncover for anyway).\n\nProceed with the rest of the cleanup instead of bailing out and leaving\nthe va_node inserted in the drm_mm, which leads to UAF when other\nadjacent nodes are removed from the drm_mm tree.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68747",
"url": "https://www.suse.com/security/cve/CVE-2025-68747"
},
{
"category": "external",
"summary": "SUSE Bug 1255723 for CVE-2025-68747",
"url": "https://bugzilla.suse.com/1255723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "important"
}
],
"title": "CVE-2025-68747"
},
{
"cve": "CVE-2025-68749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Fix race condition when unbinding BOs\n\nFix \u0027Memory manager not clean during takedown\u0027 warning that occurs\nwhen ivpu_gem_bo_free() removes the BO from the BOs list before it\ngets unmapped. Then file_priv_unbind() triggers a warning in\ndrm_mm_takedown() during context teardown.\n\nProtect the unmapping sequence with bo_list_lock to ensure the BO is\nalways fully unmapped when removed from the list. This ensures the BO\nis either fully unmapped at context teardown time or present on the\nlist and unmapped by file_priv_unbind().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68749",
"url": "https://www.suse.com/security/cve/CVE-2025-68749"
},
{
"category": "external",
"summary": "SUSE Bug 1255724 for CVE-2025-68749",
"url": "https://bugzilla.suse.com/1255724"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68749"
},
{
"cve": "CVE-2025-68750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: potential integer overflow in usbg_make_tpg()\n\nThe variable tpgt in usbg_make_tpg() is defined as unsigned long and is\nassigned to tpgt-\u003etport_tpgt, which is defined as u16. This may cause an\ninteger overflow when tpgt is greater than USHRT_MAX (65535). I\nhaven\u0027t tried to trigger it myself, but it is possible to trigger it\nby calling usbg_make_tpg() with a large value for tpgt.\n\nI modified the type of tpgt to match tpgt-\u003etport_tpgt and adjusted the\nrelevant code accordingly.\n\nThis patch is similar to commit 59c816c1f24d (\"vhost/scsi: potential\nmemory corruption\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68750",
"url": "https://www.suse.com/security/cve/CVE-2025-68750"
},
{
"category": "external",
"summary": "SUSE Bug 1255814 for CVE-2025-68750",
"url": "https://bugzilla.suse.com/1255814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68750"
},
{
"cve": "CVE-2025-68753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68753"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: firewire-motu: add bounds check in put_user loop for DSP events\n\nIn the DSP event handling code, a put_user() loop copies event data.\nWhen the user buffer size is not aligned to 4 bytes, it could overwrite\nbeyond the buffer boundary.\n\nFix by adding a bounds check before put_user().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68753",
"url": "https://www.suse.com/security/cve/CVE-2025-68753"
},
{
"category": "external",
"summary": "SUSE Bug 1256238 for CVE-2025-68753",
"url": "https://bugzilla.suse.com/1256238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68753"
},
{
"cve": "CVE-2025-68757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68757"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vgem-fence: Fix potential deadlock on release\n\nA timer that expires a vgem fence automatically in 10 seconds is now\nreleased with timer_delete_sync() from fence-\u003eops.release() called on last\ndma_fence_put(). In some scenarios, it can run in IRQ context, which is\nnot safe unless TIMER_IRQSAFE is used. One potentially risky scenario was\ndemonstrated in Intel DRM CI trybot, BAT run on machine bat-adlp-6, while\nworking on new IGT subtests syncobj_timeline@stress-* as user space\nreplacements of some problematic test cases of a dma-fence-chain selftest\n[1].\n\n[117.004338] ================================\n[117.004340] WARNING: inconsistent lock state\n[117.004342] 6.17.0-rc7-CI_DRM_17270-g7644974e648c+ #1 Tainted: G S U\n[117.004346] --------------------------------\n[117.004347] inconsistent {HARDIRQ-ON-W} -\u003e {IN-HARDIRQ-W} usage.\n[117.004349] swapper/0/0 [HC1[1]:SC1[1]:HE0:SE0] takes:\n[117.004352] ffff888138f86aa8 ((\u0026fence-\u003etimer)){?.-.}-{0:0}, at: __timer_delete_sync+0x4b/0x190\n[117.004361] {HARDIRQ-ON-W} state was registered at:\n[117.004363] lock_acquire+0xc4/0x2e0\n[117.004366] call_timer_fn+0x80/0x2a0\n[117.004368] __run_timers+0x231/0x310\n[117.004370] run_timer_softirq+0x76/0xe0\n[117.004372] handle_softirqs+0xd4/0x4d0\n[117.004375] __irq_exit_rcu+0x13f/0x160\n[117.004377] irq_exit_rcu+0xe/0x20\n[117.004379] sysvec_apic_timer_interrupt+0xa0/0xc0\n[117.004382] asm_sysvec_apic_timer_interrupt+0x1b/0x20\n[117.004385] cpuidle_enter_state+0x12b/0x8a0\n[117.004388] cpuidle_enter+0x2e/0x50\n[117.004393] call_cpuidle+0x22/0x60\n[117.004395] do_idle+0x1fd/0x260\n[117.004398] cpu_startup_entry+0x29/0x30\n[117.004401] start_secondary+0x12d/0x160\n[117.004404] common_startup_64+0x13e/0x141\n[117.004407] irq event stamp: 2282669\n[117.004409] hardirqs last enabled at (2282668): [\u003cffffffff8289db71\u003e] _raw_spin_unlock_irqrestore+0x51/0x80\n[117.004414] hardirqs last disabled at (2282669): [\u003cffffffff82882021\u003e] sysvec_irq_work+0x11/0xc0\n[117.004419] softirqs last enabled at (2254702): [\u003cffffffff8289fd00\u003e] __do_softirq+0x10/0x18\n[117.004423] softirqs last disabled at (2254725): [\u003cffffffff813d4ddf\u003e] __irq_exit_rcu+0x13f/0x160\n[117.004426]\nother info that might help us debug this:\n[117.004429] Possible unsafe locking scenario:\n[117.004432] CPU0\n[117.004433] ----\n[117.004434] lock((\u0026fence-\u003etimer));\n[117.004436] \u003cInterrupt\u003e\n[117.004438] lock((\u0026fence-\u003etimer));\n[117.004440]\n *** DEADLOCK ***\n[117.004443] 1 lock held by swapper/0/0:\n[117.004445] #0: ffffc90000003d50 ((\u0026fence-\u003etimer)){?.-.}-{0:0}, at: call_timer_fn+0x7a/0x2a0\n[117.004450]\nstack backtrace:\n[117.004453] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G S U 6.17.0-rc7-CI_DRM_17270-g7644974e648c+ #1 PREEMPT(voluntary)\n[117.004455] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER\n[117.004455] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023\n[117.004456] Call Trace:\n[117.004456] \u003cIRQ\u003e\n[117.004457] dump_stack_lvl+0x91/0xf0\n[117.004460] dump_stack+0x10/0x20\n[117.004461] print_usage_bug.part.0+0x260/0x360\n[117.004463] mark_lock+0x76e/0x9c0\n[117.004465] ? register_lock_class+0x48/0x4a0\n[117.004467] __lock_acquire+0xbc3/0x2860\n[117.004469] lock_acquire+0xc4/0x2e0\n[117.004470] ? __timer_delete_sync+0x4b/0x190\n[117.004472] ? __timer_delete_sync+0x4b/0x190\n[117.004473] __timer_delete_sync+0x68/0x190\n[117.004474] ? __timer_delete_sync+0x4b/0x190\n[117.004475] timer_delete_sync+0x10/0x20\n[117.004476] vgem_fence_release+0x19/0x30 [vgem]\n[117.004478] dma_fence_release+0xc1/0x3b0\n[117.004480] ? dma_fence_release+0xa1/0x3b0\n[117.004481] dma_fence_chain_release+0xe7/0x130\n[117.004483] dma_fence_release+0xc1/0x3b0\n[117.004484] ? _raw_spin_unlock_irqrestore+0x27/0x80\n[117.004485] dma_fence_chain_irq_work+0x59/0x80\n[117.004487] irq_work_single+0x75/0xa0\n[117.004490] irq_work_r\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68757",
"url": "https://www.suse.com/security/cve/CVE-2025-68757"
},
{
"category": "external",
"summary": "SUSE Bug 1255943 for CVE-2025-68757",
"url": "https://bugzilla.suse.com/1255943"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68757"
},
{
"cve": "CVE-2025-68758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbacklight: led-bl: Add devlink to supplier LEDs\n\nLED Backlight is a consumer of one or multiple LED class devices, but\ndevlink is currently unable to create correct supplier-producer links when\nthe supplier is a class device. It creates instead a link where the\nsupplier is the parent of the expected device.\n\nOne consequence is that removal order is not correctly enforced.\n\nIssues happen for example with the following sections in a device tree\noverlay:\n\n // An LED driver chip\n pca9632@62 {\n compatible = \"nxp,pca9632\";\n reg = \u003c0x62\u003e;\n\n\t// ...\n\n addon_led_pwm: led-pwm@3 {\n reg = \u003c3\u003e;\n label = \"addon:led:pwm\";\n };\n };\n\n backlight-addon {\n compatible = \"led-backlight\";\n leds = \u003c\u0026addon_led_pwm\u003e;\n brightness-levels = \u003c255\u003e;\n default-brightness-level = \u003c255\u003e;\n };\n\nIn this example, the devlink should be created between the backlight-addon\n(consumer) and the pca9632@62 (supplier). Instead it is created between the\nbacklight-addon (consumer) and the parent of the pca9632@62, which is\ntypically the I2C bus adapter.\n\nOn removal of the above overlay, the LED driver can be removed before the\nbacklight device, resulting in:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010\n ...\n Call trace:\n led_put+0xe0/0x140\n devm_led_release+0x6c/0x98\n\nAnother way to reproduce the bug without any device tree overlays is\nunbinding the LED class device (pca9632@62) before unbinding the consumer\n(backlight-addon):\n\n echo 11-0062 \u003e/sys/bus/i2c/drivers/leds-pca963x/unbind\n echo ...backlight-dock \u003e/sys/bus/platform/drivers/led-backlight/unbind\n\nFix by adding a devlink between the consuming led-backlight device and the\nsupplying LED device, as other drivers and subsystems do as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68758",
"url": "https://www.suse.com/security/cve/CVE-2025-68758"
},
{
"category": "external",
"summary": "SUSE Bug 1255944 for CVE-2025-68758",
"url": "https://bugzilla.suse.com/1255944"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68758"
},
{
"cve": "CVE-2025-68759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68759"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()\n\nIn rtl8180_init_rx_ring(), memory is allocated for skb packets and DMA\nallocations in a loop. When an allocation fails, the previously\nsuccessful allocations are not freed on exit.\n\nFix that by jumping to err_free_rings label on error, which calls\nrtl8180_free_rx_ring() to free the allocations. Remove the free of\nrx_ring in rtl8180_init_rx_ring() error path, and set the freed\npriv-\u003erx_buf entry to null, to avoid double free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68759",
"url": "https://www.suse.com/security/cve/CVE-2025-68759"
},
{
"category": "external",
"summary": "SUSE Bug 1255934 for CVE-2025-68759",
"url": "https://bugzilla.suse.com/1255934"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68759"
},
{
"cve": "CVE-2025-68765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()\n\nIn mt7615_mcu_wtbl_sta_add(), an skb sskb is allocated. If the\nsubsequent call to mt76_connac_mcu_alloc_wtbl_req() fails, the function\nreturns an error without freeing sskb, leading to a memory leak.\n\nFix this by calling dev_kfree_skb() on sskb in the error handling path\nto ensure it is properly released.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68765",
"url": "https://www.suse.com/security/cve/CVE-2025-68765"
},
{
"category": "external",
"summary": "SUSE Bug 1255931 for CVE-2025-68765",
"url": "https://bugzilla.suse.com/1255931"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68765"
},
{
"cve": "CVE-2025-68766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()\n\nIf irq_domain_translate_twocell() sets \"hwirq\" to \u003e= MCHP_EIC_NIRQ (2) then\nit results in an out of bounds access.\n\nThe code checks for invalid values, but doesn\u0027t set the error code. Return\n-EINVAL in that case, instead of returning success.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68766",
"url": "https://www.suse.com/security/cve/CVE-2025-68766"
},
{
"category": "external",
"summary": "SUSE Bug 1255932 for CVE-2025-68766",
"url": "https://bugzilla.suse.com/1255932"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.28.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.28.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T15:08:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68766"
}
]
}
MSRC_CVE-2025-40339
Vulnerability from csaf_microsoft - Published: 2025-12-02 00:00 - Updated: 2025-12-10 01:01Summary
drm/amdgpu: fix nullptr err of vm_handle_moved
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40339 drm/amdgpu: fix nullptr err of vm_handle_moved - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-40339.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "drm/amdgpu: fix nullptr err of vm_handle_moved",
"tracking": {
"current_release_date": "2025-12-10T01:01:52.000Z",
"generator": {
"date": "2025-12-11T08:15:45.254Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-40339",
"initial_release_date": "2025-12-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-12-10T01:01:52.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 kernel 6.6.117.1-1",
"product": {
"name": "azl3 kernel 6.6.117.1-1",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "kernel"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kernel 6.6.117.1-1 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-40339",
"notes": [
{
"category": "general",
"text": "Linux",
"title": "Assigning CNA"
}
],
"product_status": {
"known_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40339 drm/amdgpu: fix nullptr err of vm_handle_moved - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-40339.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2025-12-10T01:01:52.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-1"
]
}
],
"title": "drm/amdgpu: fix nullptr err of vm_handle_moved"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…