SUSE-SU-2026:0155-1
Vulnerability from csaf_suse - Published: 2026-01-19 12:11 - Updated: 2026-01-19 12:11Summary
Security update for the Linux Kernel (Live Patch 72 for SUSE Linux Enterprise 12 SP5)
Notes
Title of the patch
Security update for the Linux Kernel (Live Patch 72 for SUSE Linux Enterprise 12 SP5)
Description of the patch
This update for the SUSE Linux Enterprise kernel 4.12.14-122.272 fixes various security issues
The following security issues were fixed:
- CVE-2022-50233: bluetooth: device name can cause reading kernel memory by not supplying terminal \0 (bsc#1249242).
- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1254451).
- CVE-2022-50367: fs: fix UAF/GPF bug in nilfs_mdt_destroy (bsc#1250280).
- CVE-2022-50409: net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory (bsc#1250665).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251787).
- CVE-2023-53717: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (bsc#1252563).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248400).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).
Patchnames
SUSE-2026-155,SUSE-SLE-Live-Patching-12-SP5-2026-161
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 72 for SUSE Linux Enterprise 12 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise kernel 4.12.14-122.272 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2022-50233: bluetooth: device name can cause reading kernel memory by not supplying terminal \\0 (bsc#1249242).\n- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1254451).\n- CVE-2022-50367: fs: fix UAF/GPF bug in nilfs_mdt_destroy (bsc#1250280).\n- CVE-2022-50409: net: If sock is dead don\u0027t access sock\u0027s sk_wq in sk_stream_wait_memory (bsc#1250665).\n- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251787).\n- CVE-2023-53717: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (bsc#1252563).\n- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248400).\n- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-155,SUSE-SLE-Live-Patching-12-SP5-2026-161",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0155-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0155-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260155-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0155-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023796.html"
},
{
"category": "self",
"summary": "SUSE Bug 1248400",
"url": "https://bugzilla.suse.com/1248400"
},
{
"category": "self",
"summary": "SUSE Bug 1249242",
"url": "https://bugzilla.suse.com/1249242"
},
{
"category": "self",
"summary": "SUSE Bug 1250280",
"url": "https://bugzilla.suse.com/1250280"
},
{
"category": "self",
"summary": "SUSE Bug 1250665",
"url": "https://bugzilla.suse.com/1250665"
},
{
"category": "self",
"summary": "SUSE Bug 1251787",
"url": "https://bugzilla.suse.com/1251787"
},
{
"category": "self",
"summary": "SUSE Bug 1252563",
"url": "https://bugzilla.suse.com/1252563"
},
{
"category": "self",
"summary": "SUSE Bug 1253437",
"url": "https://bugzilla.suse.com/1253437"
},
{
"category": "self",
"summary": "SUSE Bug 1254451",
"url": "https://bugzilla.suse.com/1254451"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50233 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50327 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50327/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50367 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50367/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50409 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50409/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53676 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53717 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38572 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40204/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 72 for SUSE Linux Enterprise 12 SP5)",
"tracking": {
"current_release_date": "2026-01-19T12:11:10Z",
"generator": {
"date": "2026-01-19T12:11:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0155-1",
"initial_release_date": "2026-01-19T12:11:10Z",
"revision_history": [
{
"date": "2026-01-19T12:11:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_244-default-14-2.1.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_244-default-14-2.1.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_244-default-14-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_244-default-14-2.1.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_244-default-14-2.1.s390x",
"product_id": "kgraft-patch-4_12_14-122_244-default-14-2.1.s390x"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"product_id": "kgraft-patch-4_12_14-122_272-default-4-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_244-default-14-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_244-default-14-2.1.x86_64",
"product_id": "kgraft-patch-4_12_14-122_244-default-14-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64",
"product_id": "kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_272-default-4-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-50233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50233"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: eir: Fix using strlen with hdev-\u003e{dev_name,short_name}\n\nBoth dev_name and short_name are not guaranteed to be NULL terminated so\nthis instead use strnlen and then attempt to determine if the resulting\nstring needs to be truncated or not.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50233",
"url": "https://www.suse.com/security/cve/CVE-2022-50233"
},
{
"category": "external",
"summary": "SUSE Bug 1246968 for CVE-2022-50233",
"url": "https://bugzilla.suse.com/1246968"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2022-50233",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1249242 for CVE-2022-50233",
"url": "https://bugzilla.suse.com/1249242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-19T12:11:10Z",
"details": "important"
}
],
"title": "CVE-2022-50233"
},
{
"cve": "CVE-2022-50327",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50327"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: processor: idle: Check acpi_fetch_acpi_dev() return value\n\nThe return value of acpi_fetch_acpi_dev() could be NULL, which would\ncause a NULL pointer dereference to occur in acpi_device_hid().\n\n[ rjw: Subject and changelog edits, added empty line after if () ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50327",
"url": "https://www.suse.com/security/cve/CVE-2022-50327"
},
{
"category": "external",
"summary": "SUSE Bug 1249859 for CVE-2022-50327",
"url": "https://bugzilla.suse.com/1249859"
},
{
"category": "external",
"summary": "SUSE Bug 1254451 for CVE-2022-50327",
"url": "https://bugzilla.suse.com/1254451"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-19T12:11:10Z",
"details": "important"
}
],
"title": "CVE-2022-50327"
},
{
"cve": "CVE-2022-50367",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50367"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: fix UAF/GPF bug in nilfs_mdt_destroy\n\nIn alloc_inode, inode_init_always() could return -ENOMEM if\nsecurity_inode_alloc() fails, which causes inode-\u003ei_private\nuninitialized. Then nilfs_is_metadata_file_inode() returns\ntrue and nilfs_free_inode() wrongly calls nilfs_mdt_destroy(),\nwhich frees the uninitialized inode-\u003ei_private\nand leads to crashes(e.g., UAF/GPF).\n\nFix this by moving security_inode_alloc just prior to\nthis_cpu_inc(nr_inodes)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50367",
"url": "https://www.suse.com/security/cve/CVE-2022-50367"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2022-50367",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1250277 for CVE-2022-50367",
"url": "https://bugzilla.suse.com/1250277"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-19T12:11:10Z",
"details": "important"
}
],
"title": "CVE-2022-50367"
},
{
"cve": "CVE-2022-50409",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50409"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: If sock is dead don\u0027t access sock\u0027s sk_wq in sk_stream_wait_memory\n\nFixes the below NULL pointer dereference:\n\n [...]\n [ 14.471200] Call Trace:\n [ 14.471562] \u003cTASK\u003e\n [ 14.471882] lock_acquire+0x245/0x2e0\n [ 14.472416] ? remove_wait_queue+0x12/0x50\n [ 14.473014] ? _raw_spin_lock_irqsave+0x17/0x50\n [ 14.473681] _raw_spin_lock_irqsave+0x3d/0x50\n [ 14.474318] ? remove_wait_queue+0x12/0x50\n [ 14.474907] remove_wait_queue+0x12/0x50\n [ 14.475480] sk_stream_wait_memory+0x20d/0x340\n [ 14.476127] ? do_wait_intr_irq+0x80/0x80\n [ 14.476704] do_tcp_sendpages+0x287/0x600\n [ 14.477283] tcp_bpf_push+0xab/0x260\n [ 14.477817] tcp_bpf_sendmsg_redir+0x297/0x500\n [ 14.478461] ? __local_bh_enable_ip+0x77/0xe0\n [ 14.479096] tcp_bpf_send_verdict+0x105/0x470\n [ 14.479729] tcp_bpf_sendmsg+0x318/0x4f0\n [ 14.480311] sock_sendmsg+0x2d/0x40\n [ 14.480822] ____sys_sendmsg+0x1b4/0x1c0\n [ 14.481390] ? copy_msghdr_from_user+0x62/0x80\n [ 14.482048] ___sys_sendmsg+0x78/0xb0\n [ 14.482580] ? vmf_insert_pfn_prot+0x91/0x150\n [ 14.483215] ? __do_fault+0x2a/0x1a0\n [ 14.483738] ? do_fault+0x15e/0x5d0\n [ 14.484246] ? __handle_mm_fault+0x56b/0x1040\n [ 14.484874] ? lock_is_held_type+0xdf/0x130\n [ 14.485474] ? find_held_lock+0x2d/0x90\n [ 14.486046] ? __sys_sendmsg+0x41/0x70\n [ 14.486587] __sys_sendmsg+0x41/0x70\n [ 14.487105] ? intel_pmu_drain_pebs_core+0x350/0x350\n [ 14.487822] do_syscall_64+0x34/0x80\n [ 14.488345] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n [...]\n\nThe test scenario has the following flow:\n\nthread1 thread2\n----------- ---------------\n tcp_bpf_sendmsg\n tcp_bpf_send_verdict\n tcp_bpf_sendmsg_redir sock_close\n tcp_bpf_push_locked __sock_release\n tcp_bpf_push //inet_release\n do_tcp_sendpages sock-\u003eops-\u003erelease\n sk_stream_wait_memory \t // tcp_close\n sk_wait_event sk-\u003esk_prot-\u003eclose\n release_sock(__sk);\n ***\n lock_sock(sk);\n __tcp_close\n sock_orphan(sk)\n sk-\u003esk_wq = NULL\n release_sock\n ****\n lock_sock(__sk);\n remove_wait_queue(sk_sleep(sk), \u0026wait);\n sk_sleep(sk)\n //NULL pointer dereference\n \u0026rcu_dereference_raw(sk-\u003esk_wq)-\u003ewait\n\nWhile waiting for memory in thread1, the socket is released with its wait\nqueue because thread2 has closed it. This caused by tcp_bpf_send_verdict\ndidn\u0027t increase the f_count of psock-\u003esk_redir-\u003esk_socket-\u003efile in thread1.\n\nWe should check if SOCK_DEAD flag is set on wakeup in sk_stream_wait_memory\nbefore accessing the wait queue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50409",
"url": "https://www.suse.com/security/cve/CVE-2022-50409"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2022-50409",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1250392 for CVE-2022-50409",
"url": "https://bugzilla.suse.com/1250392"
},
{
"category": "external",
"summary": "SUSE Bug 1250665 for CVE-2022-50409",
"url": "https://bugzilla.suse.com/1250665"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-19T12:11:10Z",
"details": "important"
}
],
"title": "CVE-2022-50409"
},
{
"cve": "CVE-2023-53676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53676"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()\n\nThe function lio_target_nacl_info_show() uses sprintf() in a loop to print\ndetails for every iSCSI connection in a session without checking for the\nbuffer length. With enough iSCSI connections it\u0027s possible to overflow the\nbuffer provided by configfs and corrupt the memory.\n\nThis patch replaces sprintf() with sysfs_emit_at() that checks for buffer\nboundries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53676",
"url": "https://www.suse.com/security/cve/CVE-2023-53676"
},
{
"category": "external",
"summary": "SUSE Bug 1251786 for CVE-2023-53676",
"url": "https://bugzilla.suse.com/1251786"
},
{
"category": "external",
"summary": "SUSE Bug 1251787 for CVE-2023-53676",
"url": "https://bugzilla.suse.com/1251787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-19T12:11:10Z",
"details": "important"
}
],
"title": "CVE-2023-53676"
},
{
"cve": "CVE-2023-53717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53717"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()\n\nFix a stack-out-of-bounds write that occurs in a WMI response callback\nfunction that is called after a timeout occurs in ath9k_wmi_cmd().\nThe callback writes to wmi-\u003ecmd_rsp_buf, a stack-allocated buffer that\ncould no longer be valid when a timeout occurs. Set wmi-\u003elast_seq_id to\n0 when a timeout occurred.\n\nFound by a modified version of syzkaller.\n\nBUG: KASAN: stack-out-of-bounds in ath9k_wmi_ctrl_rx\nWrite of size 4\nCall Trace:\n memcpy\n ath9k_wmi_ctrl_rx\n ath9k_htc_rx_msg\n ath9k_hif_usb_reg_in_cb\n __usb_hcd_giveback_urb\n usb_hcd_giveback_urb\n dummy_timer\n call_timer_fn\n run_timer_softirq\n __do_softirq\n irq_exit_rcu\n sysvec_apic_timer_interrupt",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53717",
"url": "https://www.suse.com/security/cve/CVE-2023-53717"
},
{
"category": "external",
"summary": "SUSE Bug 1252560 for CVE-2023-53717",
"url": "https://bugzilla.suse.com/1252560"
},
{
"category": "external",
"summary": "SUSE Bug 1252563 for CVE-2023-53717",
"url": "https://bugzilla.suse.com/1252563"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-19T12:11:10Z",
"details": "important"
}
],
"title": "CVE-2023-53717"
},
{
"cve": "CVE-2025-38572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38572"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: reject malicious packets in ipv6_gso_segment()\n\nsyzbot was able to craft a packet with very long IPv6 extension headers\nleading to an overflow of skb-\u003etransport_header.\n\nThis 16bit field has a limited range.\n\nAdd skb_reset_transport_header_careful() helper and use it\nfrom ipv6_gso_segment()\n\nWARNING: CPU: 0 PID: 5871 at ./include/linux/skbuff.h:3032 skb_reset_transport_header include/linux/skbuff.h:3032 [inline]\nWARNING: CPU: 0 PID: 5871 at ./include/linux/skbuff.h:3032 ipv6_gso_segment+0x15e2/0x21e0 net/ipv6/ip6_offload.c:151\nModules linked in:\nCPU: 0 UID: 0 PID: 5871 Comm: syz-executor211 Not tainted 6.16.0-rc6-syzkaller-g7abc678e3084 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\n RIP: 0010:skb_reset_transport_header include/linux/skbuff.h:3032 [inline]\n RIP: 0010:ipv6_gso_segment+0x15e2/0x21e0 net/ipv6/ip6_offload.c:151\nCall Trace:\n \u003cTASK\u003e\n skb_mac_gso_segment+0x31c/0x640 net/core/gso.c:53\n nsh_gso_segment+0x54a/0xe10 net/nsh/nsh.c:110\n skb_mac_gso_segment+0x31c/0x640 net/core/gso.c:53\n __skb_gso_segment+0x342/0x510 net/core/gso.c:124\n skb_gso_segment include/net/gso.h:83 [inline]\n validate_xmit_skb+0x857/0x11b0 net/core/dev.c:3950\n validate_xmit_skb_list+0x84/0x120 net/core/dev.c:4000\n sch_direct_xmit+0xd3/0x4b0 net/sched/sch_generic.c:329\n __dev_xmit_skb net/core/dev.c:4102 [inline]\n __dev_queue_xmit+0x17b6/0x3a70 net/core/dev.c:4679",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38572",
"url": "https://www.suse.com/security/cve/CVE-2025-38572"
},
{
"category": "external",
"summary": "SUSE Bug 1248399 for CVE-2025-38572",
"url": "https://bugzilla.suse.com/1248399"
},
{
"category": "external",
"summary": "SUSE Bug 1248400 for CVE-2025-38572",
"url": "https://bugzilla.suse.com/1248400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-19T12:11:10Z",
"details": "important"
}
],
"title": "CVE-2025-38572"
},
{
"cve": "CVE-2025-40204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40204"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant time.\nUse the appropriate helper function for this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40204",
"url": "https://www.suse.com/security/cve/CVE-2025-40204"
},
{
"category": "external",
"summary": "SUSE Bug 1253436 for CVE-2025-40204",
"url": "https://bugzilla.suse.com/1253436"
},
{
"category": "external",
"summary": "SUSE Bug 1253437 for CVE-2025-40204",
"url": "https://bugzilla.suse.com/1253437"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-4-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-19T12:11:10Z",
"details": "important"
}
],
"title": "CVE-2025-40204"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…