SUSE-SU-2026:0163-1
Vulnerability from csaf_suse - Published: 2026-01-19 14:34 - Updated: 2026-01-19 14:34Summary
Security update for the Linux Kernel (Live Patch 36 for SUSE Linux Enterprise 15 SP4)
Notes
Title of the patch
Security update for the Linux Kernel (Live Patch 36 for SUSE Linux Enterprise 15 SP4)
Description of the patch
This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.150 fixes various security issues
The following security issues were fixed:
- CVE-2022-50233: bluetooth: device name can cause reading kernel memory by not supplying terminal \0 (bsc#1249242).
- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1254451).
- CVE-2022-50409: net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory (bsc#1250665).
- CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251165).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251787).
- CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248615).
- CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1251203).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248400).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248670).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).
Patchnames
SUSE-2026-163,SUSE-2026-164,SUSE-2026-167,SUSE-SLE-Module-Live-Patching-15-SP4-2026-163
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 36 for SUSE Linux Enterprise 15 SP4)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.150 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2022-50233: bluetooth: device name can cause reading kernel memory by not supplying terminal \\0 (bsc#1249242).\n- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1254451).\n- CVE-2022-50409: net: If sock is dead don\u0027t access sock\u0027s sk_wq in sk_stream_wait_memory (bsc#1250665).\n- CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251165).\n- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251787).\n- CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248615).\n- CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1251203).\n- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248400).\n- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248670).\n- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-163,SUSE-2026-164,SUSE-2026-167,SUSE-SLE-Module-Live-Patching-15-SP4-2026-163",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0163-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0163-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260163-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0163-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023795.html"
},
{
"category": "self",
"summary": "SUSE Bug 1248400",
"url": "https://bugzilla.suse.com/1248400"
},
{
"category": "self",
"summary": "SUSE Bug 1248615",
"url": "https://bugzilla.suse.com/1248615"
},
{
"category": "self",
"summary": "SUSE Bug 1248670",
"url": "https://bugzilla.suse.com/1248670"
},
{
"category": "self",
"summary": "SUSE Bug 1249242",
"url": "https://bugzilla.suse.com/1249242"
},
{
"category": "self",
"summary": "SUSE Bug 1250665",
"url": "https://bugzilla.suse.com/1250665"
},
{
"category": "self",
"summary": "SUSE Bug 1251165",
"url": "https://bugzilla.suse.com/1251165"
},
{
"category": "self",
"summary": "SUSE Bug 1251203",
"url": "https://bugzilla.suse.com/1251203"
},
{
"category": "self",
"summary": "SUSE Bug 1251787",
"url": "https://bugzilla.suse.com/1251787"
},
{
"category": "self",
"summary": "SUSE Bug 1253437",
"url": "https://bugzilla.suse.com/1253437"
},
{
"category": "self",
"summary": "SUSE Bug 1254451",
"url": "https://bugzilla.suse.com/1254451"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50233 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50327 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50327/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50409 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50409/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50490 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53676 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38476 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38476/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38572 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38608 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38608/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40204/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 36 for SUSE Linux Enterprise 15 SP4)",
"tracking": {
"current_release_date": "2026-01-19T14:34:24Z",
"generator": {
"date": "2026-01-19T14:34:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0163-1",
"initial_release_date": "2026-01-19T14:34:24Z",
"revision_history": [
{
"date": "2026-01-19T14:34:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_170-default-10-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_170-default-10-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_170-default-10-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_167-default-11-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_167-default-11-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_167-default-11-150400.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_170-default-10-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_170-default-10-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_170-default-10-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_167-default-11-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_167-default-11-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_167-default-11-150400.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_170-default-10-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_170-default-10-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_170-default-10-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_167-default-11-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_167-default-11-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_167-default-11-150400.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-50233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50233"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: eir: Fix using strlen with hdev-\u003e{dev_name,short_name}\n\nBoth dev_name and short_name are not guaranteed to be NULL terminated so\nthis instead use strnlen and then attempt to determine if the resulting\nstring needs to be truncated or not.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50233",
"url": "https://www.suse.com/security/cve/CVE-2022-50233"
},
{
"category": "external",
"summary": "SUSE Bug 1246968 for CVE-2022-50233",
"url": "https://bugzilla.suse.com/1246968"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2022-50233",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1249242 for CVE-2022-50233",
"url": "https://bugzilla.suse.com/1249242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-19T14:34:24Z",
"details": "important"
}
],
"title": "CVE-2022-50233"
},
{
"cve": "CVE-2022-50327",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50327"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: processor: idle: Check acpi_fetch_acpi_dev() return value\n\nThe return value of acpi_fetch_acpi_dev() could be NULL, which would\ncause a NULL pointer dereference to occur in acpi_device_hid().\n\n[ rjw: Subject and changelog edits, added empty line after if () ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50327",
"url": "https://www.suse.com/security/cve/CVE-2022-50327"
},
{
"category": "external",
"summary": "SUSE Bug 1249859 for CVE-2022-50327",
"url": "https://bugzilla.suse.com/1249859"
},
{
"category": "external",
"summary": "SUSE Bug 1254451 for CVE-2022-50327",
"url": "https://bugzilla.suse.com/1254451"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-19T14:34:24Z",
"details": "important"
}
],
"title": "CVE-2022-50327"
},
{
"cve": "CVE-2022-50409",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50409"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: If sock is dead don\u0027t access sock\u0027s sk_wq in sk_stream_wait_memory\n\nFixes the below NULL pointer dereference:\n\n [...]\n [ 14.471200] Call Trace:\n [ 14.471562] \u003cTASK\u003e\n [ 14.471882] lock_acquire+0x245/0x2e0\n [ 14.472416] ? remove_wait_queue+0x12/0x50\n [ 14.473014] ? _raw_spin_lock_irqsave+0x17/0x50\n [ 14.473681] _raw_spin_lock_irqsave+0x3d/0x50\n [ 14.474318] ? remove_wait_queue+0x12/0x50\n [ 14.474907] remove_wait_queue+0x12/0x50\n [ 14.475480] sk_stream_wait_memory+0x20d/0x340\n [ 14.476127] ? do_wait_intr_irq+0x80/0x80\n [ 14.476704] do_tcp_sendpages+0x287/0x600\n [ 14.477283] tcp_bpf_push+0xab/0x260\n [ 14.477817] tcp_bpf_sendmsg_redir+0x297/0x500\n [ 14.478461] ? __local_bh_enable_ip+0x77/0xe0\n [ 14.479096] tcp_bpf_send_verdict+0x105/0x470\n [ 14.479729] tcp_bpf_sendmsg+0x318/0x4f0\n [ 14.480311] sock_sendmsg+0x2d/0x40\n [ 14.480822] ____sys_sendmsg+0x1b4/0x1c0\n [ 14.481390] ? copy_msghdr_from_user+0x62/0x80\n [ 14.482048] ___sys_sendmsg+0x78/0xb0\n [ 14.482580] ? vmf_insert_pfn_prot+0x91/0x150\n [ 14.483215] ? __do_fault+0x2a/0x1a0\n [ 14.483738] ? do_fault+0x15e/0x5d0\n [ 14.484246] ? __handle_mm_fault+0x56b/0x1040\n [ 14.484874] ? lock_is_held_type+0xdf/0x130\n [ 14.485474] ? find_held_lock+0x2d/0x90\n [ 14.486046] ? __sys_sendmsg+0x41/0x70\n [ 14.486587] __sys_sendmsg+0x41/0x70\n [ 14.487105] ? intel_pmu_drain_pebs_core+0x350/0x350\n [ 14.487822] do_syscall_64+0x34/0x80\n [ 14.488345] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n [...]\n\nThe test scenario has the following flow:\n\nthread1 thread2\n----------- ---------------\n tcp_bpf_sendmsg\n tcp_bpf_send_verdict\n tcp_bpf_sendmsg_redir sock_close\n tcp_bpf_push_locked __sock_release\n tcp_bpf_push //inet_release\n do_tcp_sendpages sock-\u003eops-\u003erelease\n sk_stream_wait_memory \t // tcp_close\n sk_wait_event sk-\u003esk_prot-\u003eclose\n release_sock(__sk);\n ***\n lock_sock(sk);\n __tcp_close\n sock_orphan(sk)\n sk-\u003esk_wq = NULL\n release_sock\n ****\n lock_sock(__sk);\n remove_wait_queue(sk_sleep(sk), \u0026wait);\n sk_sleep(sk)\n //NULL pointer dereference\n \u0026rcu_dereference_raw(sk-\u003esk_wq)-\u003ewait\n\nWhile waiting for memory in thread1, the socket is released with its wait\nqueue because thread2 has closed it. This caused by tcp_bpf_send_verdict\ndidn\u0027t increase the f_count of psock-\u003esk_redir-\u003esk_socket-\u003efile in thread1.\n\nWe should check if SOCK_DEAD flag is set on wakeup in sk_stream_wait_memory\nbefore accessing the wait queue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50409",
"url": "https://www.suse.com/security/cve/CVE-2022-50409"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2022-50409",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1250392 for CVE-2022-50409",
"url": "https://bugzilla.suse.com/1250392"
},
{
"category": "external",
"summary": "SUSE Bug 1250665 for CVE-2022-50409",
"url": "https://bugzilla.suse.com/1250665"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-19T14:34:24Z",
"details": "important"
}
],
"title": "CVE-2022-50409"
},
{
"cve": "CVE-2022-50490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50490"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Propagate error from htab_lock_bucket() to userspace\n\nIn __htab_map_lookup_and_delete_batch() if htab_lock_bucket() returns\n-EBUSY, it will go to next bucket. Going to next bucket may not only\nskip the elements in current bucket silently, but also incur\nout-of-bound memory access or expose kernel memory to userspace if\ncurrent bucket_cnt is greater than bucket_size or zero.\n\nFixing it by stopping batch operation and returning -EBUSY when\nhtab_lock_bucket() fails, and the application can retry or skip the busy\nbatch as needed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50490",
"url": "https://www.suse.com/security/cve/CVE-2022-50490"
},
{
"category": "external",
"summary": "SUSE Bug 1251164 for CVE-2022-50490",
"url": "https://bugzilla.suse.com/1251164"
},
{
"category": "external",
"summary": "SUSE Bug 1251165 for CVE-2022-50490",
"url": "https://bugzilla.suse.com/1251165"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-19T14:34:24Z",
"details": "important"
}
],
"title": "CVE-2022-50490"
},
{
"cve": "CVE-2023-53676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53676"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()\n\nThe function lio_target_nacl_info_show() uses sprintf() in a loop to print\ndetails for every iSCSI connection in a session without checking for the\nbuffer length. With enough iSCSI connections it\u0027s possible to overflow the\nbuffer provided by configfs and corrupt the memory.\n\nThis patch replaces sprintf() with sysfs_emit_at() that checks for buffer\nboundries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53676",
"url": "https://www.suse.com/security/cve/CVE-2023-53676"
},
{
"category": "external",
"summary": "SUSE Bug 1251786 for CVE-2023-53676",
"url": "https://bugzilla.suse.com/1251786"
},
{
"category": "external",
"summary": "SUSE Bug 1251787 for CVE-2023-53676",
"url": "https://bugzilla.suse.com/1251787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-19T14:34:24Z",
"details": "important"
}
],
"title": "CVE-2023-53676"
},
{
"cve": "CVE-2024-58239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: stop recv() if initial process_rx_list gave us non-DATA\n\nIf we have a non-DATA record on the rx_list and another record of the\nsame type still on the queue, we will end up merging them:\n - process_rx_list copies the non-DATA record\n - we start the loop and process the first available record since it\u0027s\n of the same type\n - we break out of the loop since the record was not DATA\n\nJust check the record type and jump to the end in case process_rx_list\ndid some work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58239",
"url": "https://www.suse.com/security/cve/CVE-2024-58239"
},
{
"category": "external",
"summary": "SUSE Bug 1248614 for CVE-2024-58239",
"url": "https://bugzilla.suse.com/1248614"
},
{
"category": "external",
"summary": "SUSE Bug 1248615 for CVE-2024-58239",
"url": "https://bugzilla.suse.com/1248615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-19T14:34:24Z",
"details": "important"
}
],
"title": "CVE-2024-58239"
},
{
"cve": "CVE-2025-38476",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38476"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpl: Fix use-after-free in rpl_do_srh_inline().\n\nRunning lwt_dst_cache_ref_loop.sh in selftest with KASAN triggers\nthe splat below [0].\n\nrpl_do_srh_inline() fetches ipv6_hdr(skb) and accesses it after\nskb_cow_head(), which is illegal as the header could be freed then.\n\nLet\u0027s fix it by making oldhdr to a local struct instead of a pointer.\n\n[0]:\n[root@fedora net]# ./lwt_dst_cache_ref_loop.sh\n...\nTEST: rpl (input)\n[ 57.631529] ==================================================================\nBUG: KASAN: slab-use-after-free in rpl_do_srh_inline.isra.0 (net/ipv6/rpl_iptunnel.c:174)\nRead of size 40 at addr ffff888122bf96d8 by task ping6/1543\n\nCPU: 50 UID: 0 PID: 1543 Comm: ping6 Not tainted 6.16.0-rc5-01302-gfadd1e6231b1 #23 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl (lib/dump_stack.c:122)\n print_report (mm/kasan/report.c:409 mm/kasan/report.c:521)\n kasan_report (mm/kasan/report.c:221 mm/kasan/report.c:636)\n kasan_check_range (mm/kasan/generic.c:175 (discriminator 1) mm/kasan/generic.c:189 (discriminator 1))\n __asan_memmove (mm/kasan/shadow.c:94 (discriminator 2))\n rpl_do_srh_inline.isra.0 (net/ipv6/rpl_iptunnel.c:174)\n rpl_input (net/ipv6/rpl_iptunnel.c:201 net/ipv6/rpl_iptunnel.c:282)\n lwtunnel_input (net/core/lwtunnel.c:459)\n ipv6_rcv (./include/net/dst.h:471 (discriminator 1) ./include/net/dst.h:469 (discriminator 1) net/ipv6/ip6_input.c:79 (discriminator 1) ./include/linux/netfilter.h:317 (discriminator 1) ./include/linux/netfilter.h:311 (discriminator 1) net/ipv6/ip6_input.c:311 (discriminator 1))\n __netif_receive_skb_one_core (net/core/dev.c:5967)\n process_backlog (./include/linux/rcupdate.h:869 net/core/dev.c:6440)\n __napi_poll.constprop.0 (net/core/dev.c:7452)\n net_rx_action (net/core/dev.c:7518 net/core/dev.c:7643)\n handle_softirqs (kernel/softirq.c:579)\n do_softirq (kernel/softirq.c:480 (discriminator 20))\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip (kernel/softirq.c:407)\n __dev_queue_xmit (net/core/dev.c:4740)\n ip6_finish_output2 (./include/linux/netdevice.h:3358 ./include/net/neighbour.h:526 ./include/net/neighbour.h:540 net/ipv6/ip6_output.c:141)\n ip6_finish_output (net/ipv6/ip6_output.c:215 net/ipv6/ip6_output.c:226)\n ip6_output (./include/linux/netfilter.h:306 net/ipv6/ip6_output.c:248)\n ip6_send_skb (net/ipv6/ip6_output.c:1983)\n rawv6_sendmsg (net/ipv6/raw.c:588 net/ipv6/raw.c:918)\n __sys_sendto (net/socket.c:714 (discriminator 1) net/socket.c:729 (discriminator 1) net/socket.c:2228 (discriminator 1))\n __x64_sys_sendto (net/socket.c:2231)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nRIP: 0033:0x7f68cffb2a06\nCode: 5d e8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 19 83 e2 39 83 fa 08 75 11 e8 26 ff ff ff 66 0f 1f 44 00 00 48 8b 45 10 0f 05 \u003c48\u003e 8b 5d f8 c9 c3 0f 1f 40 00 f3 0f 1e fa 55 48 89 e5 48 83 ec 08\nRSP: 002b:00007ffefb7c53d0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 0000564cd69f10a0 RCX: 00007f68cffb2a06\nRDX: 0000000000000040 RSI: 0000564cd69f10a4 RDI: 0000000000000003\nRBP: 00007ffefb7c53f0 R08: 0000564cd6a032ac R09: 000000000000001c\nR10: 0000000000000000 R11: 0000000000000202 R12: 0000564cd69f10a4\nR13: 0000000000000040 R14: 00007ffefb7c66e0 R15: 0000564cd69f10a0\n \u003c/TASK\u003e\n\nAllocated by task 1543:\n kasan_save_stack (mm/kasan/common.c:48)\n kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1))\n __kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\n kmem_cache_alloc_node_noprof (./include/linux/kasan.h:250 mm/slub.c:4148 mm/slub.c:4197 mm/slub.c:4249)\n kmalloc_reserve (net/core/skbuff.c:581 (discriminator 88))\n __alloc_skb (net/core/skbuff.c:669)\n __ip6_append_data (net/ipv6/ip6_output.c:1672 (discriminator 1))\n ip6_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38476",
"url": "https://www.suse.com/security/cve/CVE-2025-38476"
},
{
"category": "external",
"summary": "SUSE Bug 1247317 for CVE-2025-38476",
"url": "https://bugzilla.suse.com/1247317"
},
{
"category": "external",
"summary": "SUSE Bug 1251203 for CVE-2025-38476",
"url": "https://bugzilla.suse.com/1251203"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-19T14:34:24Z",
"details": "important"
}
],
"title": "CVE-2025-38476"
},
{
"cve": "CVE-2025-38572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38572"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: reject malicious packets in ipv6_gso_segment()\n\nsyzbot was able to craft a packet with very long IPv6 extension headers\nleading to an overflow of skb-\u003etransport_header.\n\nThis 16bit field has a limited range.\n\nAdd skb_reset_transport_header_careful() helper and use it\nfrom ipv6_gso_segment()\n\nWARNING: CPU: 0 PID: 5871 at ./include/linux/skbuff.h:3032 skb_reset_transport_header include/linux/skbuff.h:3032 [inline]\nWARNING: CPU: 0 PID: 5871 at ./include/linux/skbuff.h:3032 ipv6_gso_segment+0x15e2/0x21e0 net/ipv6/ip6_offload.c:151\nModules linked in:\nCPU: 0 UID: 0 PID: 5871 Comm: syz-executor211 Not tainted 6.16.0-rc6-syzkaller-g7abc678e3084 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\n RIP: 0010:skb_reset_transport_header include/linux/skbuff.h:3032 [inline]\n RIP: 0010:ipv6_gso_segment+0x15e2/0x21e0 net/ipv6/ip6_offload.c:151\nCall Trace:\n \u003cTASK\u003e\n skb_mac_gso_segment+0x31c/0x640 net/core/gso.c:53\n nsh_gso_segment+0x54a/0xe10 net/nsh/nsh.c:110\n skb_mac_gso_segment+0x31c/0x640 net/core/gso.c:53\n __skb_gso_segment+0x342/0x510 net/core/gso.c:124\n skb_gso_segment include/net/gso.h:83 [inline]\n validate_xmit_skb+0x857/0x11b0 net/core/dev.c:3950\n validate_xmit_skb_list+0x84/0x120 net/core/dev.c:4000\n sch_direct_xmit+0xd3/0x4b0 net/sched/sch_generic.c:329\n __dev_xmit_skb net/core/dev.c:4102 [inline]\n __dev_queue_xmit+0x17b6/0x3a70 net/core/dev.c:4679",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38572",
"url": "https://www.suse.com/security/cve/CVE-2025-38572"
},
{
"category": "external",
"summary": "SUSE Bug 1248399 for CVE-2025-38572",
"url": "https://bugzilla.suse.com/1248399"
},
{
"category": "external",
"summary": "SUSE Bug 1248400 for CVE-2025-38572",
"url": "https://bugzilla.suse.com/1248400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-19T14:34:24Z",
"details": "important"
}
],
"title": "CVE-2025-38572"
},
{
"cve": "CVE-2025-38608",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38608"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls\n\nWhen sending plaintext data, we initially calculated the corresponding\nciphertext length. However, if we later reduced the plaintext data length\nvia socket policy, we failed to recalculate the ciphertext length.\n\nThis results in transmitting buffers containing uninitialized data during\nciphertext transmission.\n\nThis causes uninitialized bytes to be appended after a complete\n\"Application Data\" packet, leading to errors on the receiving end when\nparsing TLS record.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38608",
"url": "https://www.suse.com/security/cve/CVE-2025-38608"
},
{
"category": "external",
"summary": "SUSE Bug 1248338 for CVE-2025-38608",
"url": "https://bugzilla.suse.com/1248338"
},
{
"category": "external",
"summary": "SUSE Bug 1248670 for CVE-2025-38608",
"url": "https://bugzilla.suse.com/1248670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-19T14:34:24Z",
"details": "important"
}
],
"title": "CVE-2025-38608"
},
{
"cve": "CVE-2025-40204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40204"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant time.\nUse the appropriate helper function for this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40204",
"url": "https://www.suse.com/security/cve/CVE-2025-40204"
},
{
"category": "external",
"summary": "SUSE Bug 1253436 for CVE-2025-40204",
"url": "https://bugzilla.suse.com/1253436"
},
{
"category": "external",
"summary": "SUSE Bug 1253437 for CVE-2025-40204",
"url": "https://bugzilla.suse.com/1253437"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-13-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-19T14:34:24Z",
"details": "important"
}
],
"title": "CVE-2025-40204"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…